diff --git a/2002/0xxx/CVE-2002-0155.json b/2002/0xxx/CVE-2002-0155.json index 86177ac9d9b..2d122a7ba7c 100644 --- a/2002/0xxx/CVE-2002-0155.json +++ b/2002/0xxx/CVE-2002-0155.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102089960531919&w=2" - }, - { - "name" : "MS02-022", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022" - }, - { - "name" : "CA-2002-13", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-13.html" - }, - { - "name" : "msn-chatcontrol-resdll-bo(9041)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9041.php" - }, - { - "name" : "4707", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4707" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4707", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4707" + }, + { + "name": "CA-2002-13", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-13.html" + }, + { + "name": "MS02-022", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022" + }, + { + "name": "msn-chatcontrol-resdll-bo(9041)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9041.php" + }, + { + "name": "20020508 ADVISORY: MSN Messenger OCX Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102089960531919&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0537.json b/2002/0xxx/CVE-2002-0537.json index 76bb4b81076..0b2a21d4691 100644 --- a/2002/0xxx/CVE-2002-0537.json +++ b/2002/0xxx/CVE-2002-0537.json 
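Review bot: The `reference_data` array comes out in a different order on the new side of this hunk (BID, CERT, MS, XF, BUGTRAQ instead of BUGTRAQ, MS, CERT, XF, BID) with no sort key apparent from the visible lines, so a reference that was genuinely added, dropped or altered would be hard to spot among the moved entries. If the order comes from the generator, a stable sort (for example by `refsource`, then `name`) would keep later regenerations of these records reviewable. The new file also ends without a trailing newline, since `\ No newline at end of file` follows the closing `}`; writing a final newline would stop that marker recurring in later diffs. Both points apply equally to the other CVE files changed in this commit.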
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020411 SWS Vuln (small but important to those using it.)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.html" - }, - { - "name" : "sws-insecure-admin-page(8849)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8849.php" - }, - { - "name" : "4503", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the 
admin.html file to gain administrative privileges to SWS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sws-insecure-admin-page(8849)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8849.php" + }, + { + "name": "4503", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4503" + }, + { + "name": "20020411 SWS Vuln (small but important to those using it.)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0148.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0957.json b/2002/0xxx/CVE-2002-0957.json index 80ccbaf80b3..52135bf44e3 100644 --- a/2002/0xxx/CVE-2002-0957.json +++ b/2002/0xxx/CVE-2002-0957.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020619 [VulnWatch] KPMG-2002023: BlackICE Agent Temporary Memory Buildup", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0114.html" - }, - { - "name" : "blackice-excessive-memory-consumption(9405)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9405.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a high tcp.maxconnections setting, which could 
allow remote attackers to cause a denial of service (memory consumption) via a large number of connections to the BlackICE system that consumes more resources than intended by the user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "blackice-excessive-memory-consumption(9405)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9405.php" + }, + { + "name": "20020619 [VulnWatch] KPMG-2002023: BlackICE Agent Temporary Memory Buildup", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0114.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2019.json b/2002/2xxx/CVE-2002-2019.json index 25ba57e7daf..8aeb2a888e9 100644 --- a/2002/2xxx/CVE-2002-2019.json +++ b/2002/2xxx/CVE-2002-2019.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020616 PHP source injection in osCommerce", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0188.html" - }, - { - "name" : "http://www.oscommerce.com/about.php/news,72", - "refsource" : "CONFIRM", - "url" : "http://www.oscommerce.com/about.php/news,72" - }, - { - "name" : "5037", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5037" - }, - { - "name" : "oscommerce-include-remote-files(9369)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9369.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file 
inclusion vulnerability in include_once.php in osCommerce (a.k.a. Exchange Project) 2.1 allows remote attackers to execute arbitrary PHP code via the include_file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5037", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5037" + }, + { + "name": "20020616 PHP source injection in osCommerce", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0188.html" + }, + { + "name": "http://www.oscommerce.com/about.php/news,72", + "refsource": "CONFIRM", + "url": "http://www.oscommerce.com/about.php/news,72" + }, + { + "name": "oscommerce-include-remote-files(9369)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9369.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2316.json b/2002/2xxx/CVE-2002-2316.json index 25a8e028b2f..950d9c6f915 100644 --- a/2002/2xxx/CVE-2002-2316.json +++ b/2002/2xxx/CVE-2002-2316.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020520 Catalyst 4000", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0190.html" - }, - { - "name" : "20020618 Re: Catalyst 4000 - Cisco's Response", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0209.html" - }, - { - "name" : "4790", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4790" - }, - { - "name" : "cisco-catalyst-unicast-traffic(9148)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9148.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020618 Re: Catalyst 4000 - Cisco's Response", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0209.html" + }, + { + "name": "4790", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4790" + }, + { + "name": "cisco-catalyst-unicast-traffic(9148)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9148.php" + }, + { + "name": "20020520 Catalyst 4000", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0190.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2387.json b/2002/2xxx/CVE-2002-2387.json index 07b4209063a..c5760782a27 100644 --- a/2002/2xxx/CVE-2002-2387.json +++ b/2002/2xxx/CVE-2002-2387.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the LS command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021112 [SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0069.html" - }, - { - "name" : "http://www.mollensoft.com/news.htm", - "refsource" : "CONFIRM", - "url" : "http://www.mollensoft.com/news.htm" - }, - { - "name" : "hyperion-dotdot-directory-traversal(10599)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10599.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows remote attackers to read arbitrary files via a .. 
(dot dot) in the LS command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021112 [SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0069.html" + }, + { + "name": "hyperion-dotdot-directory-traversal(10599)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10599.php" + }, + { + "name": "http://www.mollensoft.com/news.htm", + "refsource": "CONFIRM", + "url": "http://www.mollensoft.com/news.htm" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0605.json b/2005/0xxx/CVE-2005-0605.json index 5500106f017..edca05fbce0 100644 --- a/2005/0xxx/CVE-2005-0605.json +++ b/2005/0xxx/CVE-2005-0605.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0605", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0605", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.freedesktop.org/attachment.cgi?id=1909", - "refsource" : "CONFIRM", - "url" : "https://bugs.freedesktop.org/attachment.cgi?id=1909" - }, - { - "name" : "APPLE-SA-2005-08-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" - }, - { - "name" : "APPLE-SA-2005-08-17", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" - }, - { - "name" : "DSA-723", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-723" - }, - { - "name" : "FLSA-2006:152803", - "refsource" : "FEDORA", - "url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" - }, - { - "name" : "GLSA-200503-08", - "refsource" : "GENTOO", - "url" 
: "http://security.gentoo.org/glsa/glsa-200503-08.xml" - }, - { - "name" : "GLSA-200503-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=83655", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=83655" - }, - { - "name" : "http://bugs.gentoo.org/show_bug.cgi?id=83598", - "refsource" : "CONFIRM", - "url" : "http://bugs.gentoo.org/show_bug.cgi?id=83598" - }, - { - "name" : "RHSA-2005:412", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-412.html" - }, - { - "name" : "RHSA-2005:331", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-331.html" - }, - { - "name" : "RHSA-2005:044", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-044.html" - }, - { - "name" : "RHSA-2005:198", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-198.html" - }, - { - "name" : "RHSA-2005:473", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-473.html" - }, - { - "name" : "RHSA-2008:0261", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html" - }, - { - "name" : "20060403-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" - }, - { - "name" : "USN-92-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/92-1/" - }, - { - "name" : "USN-97-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/97-1/" - }, - { - "name" : "SCOSA-2005.57", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" - }, - { - "name" : "SCOSA-2006.5", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" - }, - { - "name" : "12714", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/12714" - }, - { - "name" : "oval:org.mitre.oval:def:10411", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" - }, - { - "name" : "1013339", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013339" - }, - { - "name" : "14460", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14460" - }, - { - "name" : "18049", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18049" - }, - { - "name" : "18316", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18316" - }, - { - "name" : "19624", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/19624" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:331", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-331.html" + }, + { + "name": "RHSA-2005:412", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-412.html" + }, + { + "name": "1013339", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013339" + }, + { + "name": "18049", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18049" + }, + { + "name": "20060403-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U" + }, + { + "name": "SCOSA-2006.5", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=83598", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=83598" + }, + { + "name": "GLSA-200503-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-15.xml" + }, + { + "name": "DSA-723", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-723" + }, + { + "name": "19624", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/19624" + }, + { + "name": "https://bugs.freedesktop.org/attachment.cgi?id=1909", + "refsource": "CONFIRM", + "url": "https://bugs.freedesktop.org/attachment.cgi?id=1909" + }, + { + "name": "APPLE-SA-2005-08-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html" + }, + { + "name": "18316", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18316" + }, + { + "name": "14460", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14460" + }, + { + "name": "RHSA-2005:198", + "refsource": "REDHAT", + "url": 
"http://www.redhat.com/support/errata/RHSA-2005-198.html" + }, + { + "name": "FLSA-2006:152803", + "refsource": "FEDORA", + "url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.html" + }, + { + "name": "RHSA-2005:044", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-044.html" + }, + { + "name": "GLSA-200503-08", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200503-08.xml" + }, + { + "name": "12714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12714" + }, + { + "name": "RHSA-2008:0261", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html" + }, + { + "name": "http://bugs.gentoo.org/show_bug.cgi?id=83655", + "refsource": "CONFIRM", + "url": "http://bugs.gentoo.org/show_bug.cgi?id=83655" + }, + { + "name": "RHSA-2005:473", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-473.html" + }, + { + "name": "APPLE-SA-2005-08-17", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html" + }, + { + "name": "SCOSA-2005.57", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt" + }, + { + "name": "USN-97-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/97-1/" + }, + { + "name": "oval:org.mitre.oval:def:10411", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10411" + }, + { + "name": "USN-92-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/92-1/" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0789.json b/2005/0xxx/CVE-2005-0789.json index 6f1a0e0bc69..1e4a6cffea9 100644 --- a/2005/0xxx/CVE-2005-0789.json +++ b/2005/0xxx/CVE-2005-0789.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050314 LimeWire Gnutella client two vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111082448213238&w=2" - }, - { - "name" : "GLSA-200503-37", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-37.xml" - }, - { - "name" : "14555", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14555/" - }, - { - "name" : "limewire-magnet-directory-traversal(19695)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19695" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in LimeWire 3.9.6 
through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-200503-37", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-37.xml" + }, + { + "name": "limewire-magnet-directory-traversal(19695)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19695" + }, + { + "name": "14555", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14555/" + }, + { + "name": "20050314 LimeWire Gnutella client two vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111082448213238&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1539.json b/2005/1xxx/CVE-2005-1539.json index ebd319348fd..69dc3de5edd 100644 --- a/2005/1xxx/CVE-2005-1539.json +++ b/2005/1xxx/CVE-2005-1539.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1539", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1539", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1585.json b/2005/1xxx/CVE-2005-1585.json index f07d5fdfdca..3cc8ceb7b51 100644 --- a/2005/1xxx/CVE-2005-1585.json +++ b/2005/1xxx/CVE-2005-1585.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1585", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1585", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html" - }, - { - "name" : "16326", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16326" - }, - { - "name" : "15200", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15200" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via 
the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html" + }, + { + "name": "15200", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15200" + }, + { + "name": "16326", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16326" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0061.json b/2009/0xxx/CVE-2009-0061.json index 20342d7896c..9980bc3ed86 100644 --- a/2009/0xxx/CVE-2009-0061.json +++ b/2009/0xxx/CVE-2009-0061.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2009-0061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" - }, - { - "name" : "33608", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33608" - }, - { - "name" : "1021679", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021679" - }, - { - "name" : "33749", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33749" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC driver in the Cisco 4400 WLC, Cisco Catalyst 6500 and 7600 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.1 allows remote attackers to cause a denial of service (device crash or hang) via unknown IP packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml" + }, + { + "name": "33608", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33608" + }, + { + "name": "33749", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33749" + }, + { + "name": "1021679", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021679" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0269.json b/2009/0xxx/CVE-2009-0269.json index d61feb6dac8..78dc54802a2 100644 --- a/2009/0xxx/CVE-2009-0269.json +++ b/2009/0xxx/CVE-2009-0269.json 
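Review bot: The `ASSIGNER` value in CVE-2009-0061.json changes from `cve@mitre.org` to `psirt@cisco.com`, and it is the only value change in this hunk. Everything else is colon spacing, indentation and the swapped order of the SECUNIA and SECTRACK references. A provenance change is easy to miss inside a bulk reformat, and any consumer that filters or attributes records by assigner would see this record move to a different assigner. If the reattribution is intended, it would be better made in its own commit, or at least named in the commit description, so it can be audited apart from the formatting churn. The other complete hunks visible here keep `"ASSIGNER": "cve@mitre.org"`, so this looks like a one-off rather than part of the reformat rule.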
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0269", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0269", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" - }, - { - "name" : "[ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an error before using it", - "refsource" : "MLIST", - "url" : "https://lists.launchpad.net/ecryptfs-devel/msg00010.html" - }, - { - "name" : "[ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an error before using it", - "refsource" : "MLIST", 
- "url" : "https://lists.launchpad.net/ecryptfs-devel/msg00011.html" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" - }, - { - "name" : "DSA-1749", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1749" - }, - { - "name" : "DSA-1787", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1787" - }, - { - "name" : "MDVSA-2009:118", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:118" - }, - { - "name" : "RHSA-2009:0360", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0360.html" - }, - { - "name" : "RHSA-2009:0326", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0326.html" - }, - { - "name" : "SUSE-SA:2009:010", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html" - }, - { - "name" : "SUSE-SA:2009:030", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" - }, - { - "name" : "SUSE-SA:2009:031", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" - }, - { - "name" : "USN-751-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/usn-751-1" - }, - { - "name" : "33412", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/33412" - }, - { - "name" : "oval:org.mitre.oval:def:8169", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8169" - }, - { - "name" : "oval:org.mitre.oval:def:8944", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8944" - }, - { - "name" : "34394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34394" - }, - { - "name" : "33758", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33758" - }, - { - "name" : "34502", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34502" - }, - { - "name" : "34981", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34981" - }, - { - "name" : "35390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35390" - }, - { - "name" : "35394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35394" - }, - { - "name" : "37471", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37471" - }, - { - "name" : "ADV-2009-3316", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3316" - }, - { - "name" : "linux-kernel-readlink-bo(48188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35390" + }, + { + "name": "34502", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34502" + }, + { + "name": "RHSA-2009:0326", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0326.html" + }, + { + "name": "MDVSA-2009:118", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:118" + }, + { + "name": "SUSE-SA:2009:010", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html" + }, + { + "name": "37471", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37471" + }, + { + "name": "RHSA-2009:0360", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0360.html" + }, + { + "name": "[ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an error before using it", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/ecryptfs-devel/msg00010.html" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" + }, + { + "name": "DSA-1749", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1749" + }, + { + "name": "33758", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33758" + }, + { + "name": "SUSE-SA:2009:030", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html" + }, + { + "name": "USN-751-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/usn-751-1" + }, + { + "name": "[ecryptfs-devel] 20081222 Re: [PATCH, v5] eCryptfs: check readlink result was not an 
error before using it", + "refsource": "MLIST", + "url": "https://lists.launchpad.net/ecryptfs-devel/msg00011.html" + }, + { + "name": "oval:org.mitre.oval:def:8169", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8169" + }, + { + "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1" + }, + { + "name": "SUSE-SA:2009:031", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=a17d5232de7b53d34229de79ec22f4bb04adb7e4" + }, + { + "name": "34981", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34981" + }, + { + "name": "34394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34394" + }, + { + "name": "DSA-1787", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1787" + }, + { + "name": "linux-kernel-readlink-bo(48188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48188" + }, + { + "name": "oval:org.mitre.oval:def:8944", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8944" + }, + { + "name": "33412", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33412" + }, + { + "name": "ADV-2009-3316", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2009/3316" + }, + { + "name": "35394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35394" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0410.json b/2009/0xxx/CVE-2009-0410.json index 74a598233f4..197eecec992 100644 --- a/2009/0xxx/CVE-2009-0410.json +++ b/2009/0xxx/CVE-2009-0410.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/500609/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-010/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-010/" - }, - { - "name" : "http://download.novell.com/Download?buildid=GjZRRdqCFW0", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=GjZRRdqCFW0" - }, - { - "name" : "http://www.novell.com/support/viewContent.do?externalId=7002502", - "refsource" : "CONFIRM", 
- "url" : "http://www.novell.com/support/viewContent.do?externalId=7002502" - }, - { - "name" : "33560", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33560" - }, - { - "name" : "33744", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33744" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33744", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33744" + }, + { + "name": "http://download.novell.com/Download?buildid=GjZRRdqCFW0", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=GjZRRdqCFW0" + }, + { + "name": "http://www.novell.com/support/viewContent.do?externalId=7002502", + "refsource": "CONFIRM", + "url": "http://www.novell.com/support/viewContent.do?externalId=7002502" + }, + { + "name": "33560", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33560" + }, + { + "name": "20090202 ZDI-09-010: Novell Netware Groupwise GWIA RCPT Command Buffer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/500609/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-010/" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0570.json b/2009/0xxx/CVE-2009-0570.json index 7f86009ebe1..6516ff74faa 100644 
--- a/2009/0xxx/CVE-2009-0570.json +++ b/2009/0xxx/CVE-2009-0570.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8001", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8001" - }, - { - "name" : "33648", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33648" - }, - { - "name" : "33682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in send.php in Ninja Designs Mailist 3.0, when register_globals is enabled and magic_quotes_gpc is 
disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the load parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33682" + }, + { + "name": "8001", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8001" + }, + { + "name": "33648", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33648" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0641.json b/2009/0xxx/CVE-2009-0641.json index 3583fa3d07f..61f558ef367 100644 --- a/2009/0xxx/CVE-2009-0641.json +++ b/2009/0xxx/CVE-2009-0641.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090214 FreeBSD zeroday", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html" - }, - { - "name" : "8055", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8055" - }, - { - "name" : "FreeBSD-SA-09:05", - "refsource" : "FREEBSD", - "url" : "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc" - }, - { - "name" : "33777", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33777" - }, - { - "name" : 
"freebsd-telnet-ldpreload-code-execution(48780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions deletes dangerous environment variables with a method that was valid only in older FreeBSD distributions, which might allow remote attackers to execute arbitrary code by passing a crafted environment variable from a telnet client, as demonstrated by an LD_PRELOAD value that references a malicious library." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "FreeBSD-SA-09:05", + "refsource": "FREEBSD", + "url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:05.telnetd.asc" + }, + { + "name": "freebsd-telnet-ldpreload-code-execution(48780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48780" + }, + { + "name": "33777", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33777" + }, + { + "name": "20090214 FreeBSD zeroday", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html" + }, + { + "name": "8055", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8055" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0653.json b/2009/0xxx/CVE-2009-0653.json index c25bbb581a5..da436776dbf 100644 --- a/2009/0xxx/CVE-2009-0653.json +++ b/2009/0xxx/CVE-2009-0653.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike", - "refsource" : "MISC", - "url" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike" - }, - { - "name" : "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf", - "refsource" : "MISC", - "url" : "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSL, probably 0.9.6, does not verify the Basic 
Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf", + "refsource": "MISC", + "url": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf" + }, + { + "name": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike", + "refsource": "MISC", + "url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1176.json b/2009/1xxx/CVE-2009-1176.json index 268f6d55d0e..c2f967e17b7 100644 --- a/2009/1xxx/CVE-2009-1176.json +++ b/2009/1xxx/CVE-2009-1176.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1176", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1176", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502271/100/0/threaded" - }, - { - "name" : "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", - "refsource" : "MLIST", - "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" - }, - { - "name" : "http://www.positronsecurity.com/advisories/2009-000.html", - "refsource" : "MISC", - "url" : "http://www.positronsecurity.com/advisories/2009-000.html" - }, - { - "name" : 
"FEDORA-2009-3357", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" - }, - { - "name" : "FEDORA-2009-3383", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" - }, - { - "name" : "34306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34306" - }, - { - "name" : "1021952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021952" - }, - { - "name" : "34603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.positronsecurity.com/advisories/2009-000.html", + "refsource": "MISC", + "url": "http://www.positronsecurity.com/advisories/2009-000.html" + }, + { + "name": "1021952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021952" + }, + { + "name": "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502271/100/0/threaded" + }, + { + "name": "34603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34603" + }, + { + "name": "FEDORA-2009-3383", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" + }, + { + "name": "34306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34306" + }, + { + "name": "FEDORA-2009-3357", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" + }, + { + "name": "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", + "refsource": "MLIST", + "url": "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1427.json b/2009/1xxx/CVE-2009-1427.json index eaa484ba76e..101904c56fe 100644 --- a/2009/1xxx/CVE-2009-1427.json +++ b/2009/1xxx/CVE-2009-1427.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1427", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1427", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX02450", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832652" - }, - { - "name" : "SSRT090141", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832652" - }, - { - "name" : "36017", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36017" - }, - { - "name" : "oval:org.mitre.oval:def:6215", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6215" - }, - { - "name" : "oval:org.mitre.oval:def:19004", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19004" - }, - { - "name" : 
"1022706", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022706" - }, - { - "name" : "36261", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36261" - }, - { - "name" : "ADV-2009-2230", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/2230" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX02450", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832652" + }, + { + "name": "oval:org.mitre.oval:def:6215", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6215" + }, + { + "name": "36261", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36261" + }, + { + "name": "SSRT090141", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01832652" + }, + { + "name": "36017", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36017" + }, + { + "name": "1022706", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022706" + }, + { + "name": "ADV-2009-2230", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/2230" + }, + { + "name": "oval:org.mitre.oval:def:19004", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19004" + } + ] + } +} \ No newline at end of file 
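Review bot: The `reference_data` array in this hunk comes out in a different, apparently unsorted order: the two HP entries that share one URL, `HPSBUX02450` and `SSRT090141`, were adjacent before and are now separated by the OVAL and SECUNIA entries. If the order is simply what the export tool happened to produce, each regeneration will reshuffle the records and bury real content changes for anyone diffing the feed to detect edits. Emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later diffs reviewable; the same reshuffle appears in the other files' hunks on this page. The new side also ends with `\ No newline at end of file`, and writing a trailing newline would keep that marker out of the next change.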
diff --git a/2009/1xxx/CVE-2009-1616.json b/2009/1xxx/CVE-2009-1616.json
index 7a5c0db2c14..f4b7ebd7a9e 100644
--- a/2009/1xxx/CVE-2009-1616.json
+++ b/2009/1xxx/CVE-2009-1616.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html" - }, - { - "name" : "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html", - "refsource" : "CONFIRM", - "url" : "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html" - }, - { - "name" : "34782", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34782" - }, - { - "name" : "54145", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54145" - }, - { - "name" : "34961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34961" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in docs/showdoc.php in Coppermine Photo Gallery (CPG) before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via the css parameter, a different vector than CVE-2008-0505." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34961" + }, + { + "name": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html", + "refsource": "CONFIRM", + "url": "http://forum.coppermine-gallery.net/index.php/topic,59247.0.html" + }, + { + "name": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html", + "refsource": "CONFIRM", + "url": "http://forum.coppermine-gallery.net/index.php/topic,59237.0.html" + }, + { + "name": "34782", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34782" + }, + { + "name": "54145", + "refsource": "OSVDB", + "url": "http://osvdb.org/54145" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5138.json b/2009/5xxx/CVE-2009-5138.json index 7d3a761c951..4726bdce62f 100644 --- a/2009/5xxx/CVE-2009-5138.json +++ b/2009/5xxx/CVE-2009-5138.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-5138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint", - "refsource" : "MLIST", - "url" : "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361" - }, - { - "name" : "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.security.oss.general/12223" - }, - { - "name" : "[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", - "refsource" : 
"MLIST", - "url" : "http://thread.gmane.org/gmane.comp.security.oss.general/12127" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069301", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1069301" - }, - { - "name" : "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd", - "refsource" : "CONFIRM", - "url" : "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd" - }, - { - "name" : "RHSA-2014:0247", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0247.html" - }, - { - "name" : "SUSE-SU-2014:0319", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" - }, - { - "name" : "SUSE-SU-2014:0320", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" - }, - { - "name" : "SUSE-SU-2014:0322", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" - }, - { - "name" : "SUSE-SU-2014:0445", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" - }, - { - "name" : "57254", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57254" - }, - { - "name" : "57260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57260" - }, - { - "name" : "57274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57274" - }, - { - "name" : "57321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57321" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended 
restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates, a different vulnerability than CVE-2014-1959." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57321" + }, + { + "name": "57260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57260" + }, + { + "name": "SUSE-SU-2014:0445", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00020.html" + }, + { + "name": "57274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57274" + }, + { + "name": "SUSE-SU-2014:0319", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00000.html" + }, + { + "name": "[oss-security] 20140225 Re: Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.security.oss.general/12223" + }, + { + "name": "RHSA-2014:0247", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0247.html" + }, + { + "name": "SUSE-SU-2014:0320", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" + }, + { + "name": "SUSE-SU-2014:0322", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html" + }, + { + "name": "[gnutls-devel] 20090109 Re: gnutls fails to use Verisign CA cert without a Basic Constraint", + "refsource": "MLIST", + "url": "http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3351/focus=3361" + }, + { + "name": "https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd", + "refsource": "CONFIRM", + "url": 
"https://gitorious.org/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd" + }, + { + "name": "57254", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57254" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069301" + }, + { + "name": "[oss-security] 20140227 Re: CVE Request - GnuTLS corrects flaw in certificate verification (3.1.x/3.2.x)", + "refsource": "MLIST", + "url": "http://thread.gmane.org/gmane.comp.security.oss.general/12127" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2177.json b/2012/2xxx/CVE-2012-2177.json index fc583f49b89..65bf6dc4ecd 100644 --- a/2012/2xxx/CVE-2012-2177.json +++ b/2012/2xxx/CVE-2012-2177.json 
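Review bot: The `ASSIGNER` field at the top of this hunk changes from `cve@mitre.org` to `secalert@redhat.com`, a provenance change that is easy to miss because the rest of the hunk is only `" : "` to `": "` spacing and reference reordering. The same kind of change is in the later hunks for CVE-2012-2177 and CVE-2012-2184 (`psirt@us.ibm.com`), CVE-2012-2294 (`security_alert@emc.com`), CVE-2012-2707 (`secalert@redhat.com`) and CVE-2012-2799 (`security@google.com`). Consumers that attribute or filter records by assigner would presumably want this called out, so I would land the reattribution in its own commit, or at least name it in the commit message, separate from the formatting pass. Whether each new address is the correct assigner cannot be checked from the diff alone.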
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" - }, - { - "name" : "cognos-search-xss(75400)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75400" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Cross-site scripting (XSS) vulnerability in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors related to the search feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cognos-search-xss(75400)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75400" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2184.json b/2012/2xxx/CVE-2012-2184.json index 19e5de802dc..20bdf93e7b7 100644 --- a/2012/2xxx/CVE-2012-2184.json +++ b/2012/2xxx/CVE-2012-2184.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2184", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-2184", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" - }, - { - "name" : "IV19887", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" - }, - { - "name" : "50551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50551" - }, - { - "name" : "ibm-maximo-session-fixation-iv19887(75780)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Session fixation vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote attackers to hijack web sessions via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ibm-maximo-session-fixation-iv19887(75780)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75780" + }, + { + "name": "IV19887", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV19887" + }, + { + "name": "50551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50551" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21610081" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2294.json b/2012/2xxx/CVE-2012-2294.json index 50439248aae..f4b64d49b99 100644 --- a/2012/2xxx/CVE-2012-2294.json +++ b/2012/2xxx/CVE-2012-2294.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-2294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to conduct clickjacking attacks via a crafted web page." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2707.json b/2012/2xxx/CVE-2012-2707.json index 0530aa0e1d1..e085d878640 100644 --- a/2012/2xxx/CVE-2012-2707.json +++ b/2012/2xxx/CVE-2012-2707.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2707", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2707", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1585678", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1585678" - }, - { - "name" : "http://community.aegirproject.org/1.9", - "refsource" : "CONFIRM", - "url" : "http://community.aegirproject.org/1.9" - }, - { - "name" : "http://drupal.org/node/1585658", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1585658" - }, - { - "name" : "http://drupalcode.org/project/hostmaster.git/commitdiff/8a61101", - "refsource" : "CONFIRM", - "url" : 
"http://drupalcode.org/project/hostmaster.git/commitdiff/8a61101" - }, - { - "name" : "53588", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53588" - }, - { - "name" : "hostmaster-node-security-bypass(75715)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75715" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does not properly exit when users do not have access to package/task nodes, which allows remote attackers to bypass intended access restrictions and edit unauthorized nodes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hostmaster-node-security-bypass(75715)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75715" + }, + { + "name": "http://drupal.org/node/1585678", + "refsource": "MISC", + "url": "http://drupal.org/node/1585678" + }, + { + "name": "http://drupal.org/node/1585658", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1585658" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "http://community.aegirproject.org/1.9", + "refsource": "CONFIRM", + "url": "http://community.aegirproject.org/1.9" + }, + { + "name": "http://drupalcode.org/project/hostmaster.git/commitdiff/8a61101", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/hostmaster.git/commitdiff/8a61101" + }, + { + "name": "53588", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53588" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/2xxx/CVE-2012-2799.json b/2012/2xxx/CVE-2012-2799.json
index 35f5639ed7a..e7ad2acfade 100644
--- a/2012/2xxx/CVE-2012-2799.json
+++ b/2012/2xxx/CVE-2012-2799.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the \"put bit buffer when num_saved_bits is reset.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3" - }, - { - "name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=64bd7f8e4db1742e86c5ed02bd530688b74063e3", - "refsource" : "CONFIRM", - "url" : 
"http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=64bd7f8e4db1742e86c5ed02bd530688b74063e3" - }, - { - "name" : "55355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55355" - }, - { - "name" : "50468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the \"put bit buffer when num_saved_bits is reset.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/02/4" + }, + { + "name": "55355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55355" + }, + { + "name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/31/3" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "50468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50468" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=64bd7f8e4db1742e86c5ed02bd530688b74063e3", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=64bd7f8e4db1742e86c5ed02bd530688b74063e3" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3059.json b/2012/3xxx/CVE-2012-3059.json index a241fd0d49e..3e4a76a2a28 100644 --- a/2012/3xxx/CVE-2012-3059.json 
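Review bot: The `ASSIGNER` value in the CVE-2012-2799 hunk changes from `cve@mitre.org` to `security@google.com`, but that change sits inside a whole-file whitespace rewrite and a reordering of `reference_data`, so anyone auditing CNA attribution will not see it without a whitespace-insensitive diff. The hunks for CVE-2012-3474, CVE-2012-3538, CVE-2012-3671, CVE-2012-4077 and CVE-2012-4858 change `ASSIGNER` in the same way. I would land the formatting pass and the reference reordering separately from the provenance change, so that the only changed line in the second commit is `"ASSIGNER": "security@google.com",`. The rewritten files also end without a trailing newline (`\ No newline at end of file`), which will show up as diff noise on later edits.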
+++ b/2012/3xxx/CVE-2012-3059.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3059", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3059", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3474.json b/2012/3xxx/CVE-2012-3474.json index 6dc5738492d..39af3bc6cd6 100644 --- a/2012/3xxx/CVE-2012-3474.json +++ b/2012/3xxx/CVE-2012-3474.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120809 Re: CVE request for Ushahidi", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/08/09/5" - }, - { - "name" : "https://github.com/ushahidi/Ushahidi_Web/commit/529f353", - "refsource" : "CONFIRM", - "url" : "https://github.com/ushahidi/Ushahidi_Web/commit/529f353" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The comments API in application/libraries/api/MY_Comments_Api_Object.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive 
information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120809 Re: CVE request for Ushahidi", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/08/09/5" + }, + { + "name": "https://github.com/ushahidi/Ushahidi_Web/commit/529f353", + "refsource": "CONFIRM", + "url": "https://github.com/ushahidi/Ushahidi_Web/commit/529f353" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3538.json b/2012/3xxx/CVE-2012-3538.json index e8a9b18ca92..be979821685 100644 --- a/2012/3xxx/CVE-2012-3538.json +++ b/2012/3xxx/CVE-2012-3538.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2012:1543", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1543.html" - }, - { - "name" : "56819", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56819" - }, - { - "name" : "88139", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/88139" - }, - { - "name" : "51472", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51472" - }, - { - "name" : "cloudforms-pulp-info-disc(80547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pulp in Red Hat 
CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cloudforms-pulp-info-disc(80547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80547" + }, + { + "name": "88139", + "refsource": "OSVDB", + "url": "http://osvdb.org/88139" + }, + { + "name": "51472", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51472" + }, + { + "name": "RHSA-2012:1543", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1543.html" + }, + { + "name": "56819", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56819" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3671.json b/2012/3xxx/CVE-2012-3671.json index 0a61f201056..8445b9244c6 100644 --- a/2012/3xxx/CVE-2012-3671.json +++ b/2012/3xxx/CVE-2012-3671.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85370", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85370" - }, - { - "name" : "oval:org.mitre.oval:def:16626", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16626" - }, - { - "name" : "apple-itunes-webkit-cve20123671(78511)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "oval:org.mitre.oval:def:16626", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16626" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "apple-itunes-webkit-cve20123671(78511)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78511" + }, + { + "name": "85370", + "refsource": "OSVDB", + "url": "http://osvdb.org/85370" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4077.json b/2012/4xxx/CVE-2012-4077.json index f391f432c23..96f6f521e7b 100644 --- a/2012/4xxx/CVE-2012-4077.json +++ b/2012/4xxx/CVE-2012-4077.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4077", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and CSCtf27651." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4077", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131004 Cisco NX-OS Software Input Validation Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4077" - }, - { - "name" : "62849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/62849" - }, - { - "name" : "98127", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/98127" - }, - { - "name" : "55191", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55191" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco NX-OS allows local users to gain privileges and execute arbitrary commands via the sed e option, aka Bug IDs CSCtf25457 and 
CSCtf27651." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131004 Cisco NX-OS Software Input Validation Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4077" + }, + { + "name": "98127", + "refsource": "OSVDB", + "url": "http://osvdb.org/98127" + }, + { + "name": "62849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/62849" + }, + { + "name": "55191", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55191" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4858.json b/2012/4xxx/CVE-2012-4858.json index 645f4d42c14..aba7b1a6550 100644 --- a/2012/4xxx/CVE-2012-4858.json +++ b/2012/4xxx/CVE-2012-4858.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" - }, - { - "name" : "cognost-bi-java-com-execution(79801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Cognos 
Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034373" + }, + { + "name": "cognost-bi-java-com-execution(79801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79801" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21626697" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6167.json b/2012/6xxx/CVE-2012-6167.json index 5396c7c0750..9bfd4d94471 100644 --- a/2012/6xxx/CVE-2012-6167.json +++ b/2012/6xxx/CVE-2012-6167.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6167", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6167", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6470.json b/2012/6xxx/CVE-2012-6470.json index 3544daa83f6..afe9c6b2451 100644 --- a/2012/6xxx/CVE-2012-6470.json +++ b/2012/6xxx/CVE-2012-6470.json 
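Review bot: The rewritten CVE-2012-6167 record emits its keys in a different order from the other records visible in this diff: `data_type`, `data_format` and `data_version` come before `CVE_data_meta`, and inside that object `ID` precedes `ASSIGNER`. Key order carries no meaning in JSON, but a stable order keeps bulk rewrites like this one reviewable and matters to any consumer that hashes or byte-compares records. I would serialize it like the neighbouring files, opening with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",`, or have the generator sort keys for every record.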
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.opera.com/docs/changelogs/unified/1212/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/docs/changelogs/unified/1212/" - }, - { - "name" : "http://www.opera.com/support/kb/view/1038/", - "refsource" : "CONFIRM", - "url" : "http://www.opera.com/support/kb/view/1038/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.opera.com/support/kb/view/1038/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/support/kb/view/1038/" + }, + { + "name": "http://www.opera.com/docs/changelogs/unified/1212/", + "refsource": "CONFIRM", + "url": "http://www.opera.com/docs/changelogs/unified/1212/" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6497.json b/2012/6xxx/CVE-2012-6497.json index 14add516db8..131e3c2783d 100644 --- a/2012/6xxx/CVE-2012-6497.json +++ b/2012/6xxx/CVE-2012-6497.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6497", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6497", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20130103 Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2013/01/03/12" - }, - { - "name" : "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/", - "refsource" : "MISC", - "url" : "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/" - }, - { - "name" : 
"http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html", - "refsource" : "MISC", - "url" : "http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html" - }, - { - "name" : "57084", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/", + "refsource": "MISC", + "url": "http://blog.phusion.nl/2013/01/03/rails-sql-injection-vulnerability-hold-your-horses-here-are-the-facts/" + }, + { + "name": "[oss-security] 20130103 Re: SQL Injection Vulnerability in Ruby on Rails (CVE-2012-5664)", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2013/01/03/12" + }, + { + "name": "http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html", + "refsource": "MISC", + "url": "http://phenoelit.org/blog/archives/2012/12/21/let_me_github_that_for_you/index.html" + }, + { + "name": "57084", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57084" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2202.json b/2017/2xxx/CVE-2017-2202.json index 65d8a4de9ad..9446b759ee2 100644 
--- a/2017/2xxx/CVE-2017-2202.json +++ b/2017/2xxx/CVE-2017-2202.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2202", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2202", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2352.json b/2017/2xxx/CVE-2017-2352.json index 0a7a0afe9c0..cfafee352c1 100644 --- a/2017/2xxx/CVE-2017-2352.json +++ b/2017/2xxx/CVE-2017-2352.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Unlock with iPhone\" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207482", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207482" - }, - { - "name" : "https://support.apple.com/HT207487", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207487" - }, - { - "name" : "95730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95730" - }, - { - "name" : "1037668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Unlock with iPhone\" component, which allows attackers to bypass the wrist-presence protection mechanism and unlock a Watch device via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207487", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207487" + }, + { + "name": "95730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95730" + }, + { + "name": "https://support.apple.com/HT207482", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207482" + }, + { + "name": "1037668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037668" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2863.json b/2017/2xxx/CVE-2017-2863.json index 83e135b0aed..2c89f65a997 100644 --- a/2017/2xxx/CVE-2017-2863.json +++ b/2017/2xxx/CVE-2017-2863.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-2863", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Infix", - "version" : { - "version_data" : [ - { - "version_value" : "7.1.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "Iceni" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-2863", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Infix", + "version": { + "version_data": [ + { + "version_value": "7.1.5.0" + } + ] + } + } + ] + }, + "vendor_name": "Iceni" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0367", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0367" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. 
A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0367", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0367" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2995.json b/2017/2xxx/CVE-2017-2995.json index f921dbd5693..7666a319002 100644 --- a/2017/2xxx/CVE-2017-2995.json +++ b/2017/2xxx/CVE-2017-2995.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2995", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 24.0.0.194 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 24.0.0.194 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Type Confusion" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2995", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 24.0.0.194 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 24.0.0.194 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" - }, - { - "name" : "GLSA-201702-20", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-20" - }, - { - "name" : "RHSA-2017:0275", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0275.html" - }, - { - "name" : "96191", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96191" - }, - { - "name" : "1037815", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037815" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Type Confusion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-20", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-20" + }, + { + "name": "RHSA-2017:0275", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0275.html" + }, + { + "name": "96191", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96191" + }, + { + "name": "1037815", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037815" + }, + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-04.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11471.json b/2018/11xxx/CVE-2018-11471.json index 5cb2ac1f65d..bdb45ce4f5a 100644 --- a/2018/11xxx/CVE-2018-11471.json +++ b/2018/11xxx/CVE-2018-11471.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11471",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cockpit 0.5.5 has XSS via a collection, form, or region."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11471",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/nikhil1232/Cockpit-CMS-XSS-POC",
- "refsource" : "MISC",
- "url" : "https://github.com/nikhil1232/Cockpit-CMS-XSS-POC"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cockpit 0.5.5 has XSS via a collection, form, or region."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/nikhil1232/Cockpit-CMS-XSS-POC",
+ "refsource": "MISC",
+ "url": "https://github.com/nikhil1232/Cockpit-CMS-XSS-POC"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/11xxx/CVE-2018-11508.json b/2018/11xxx/CVE-2018-11508.json
index f7d5f3c0469..1cc4ee0356f 100644
--- a/2018/11xxx/CVE-2018-11508.json
+++ b/2018/11xxx/CVE-2018-11508.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11508", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11508", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "46208", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/46208/" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95", - "refsource" : "MISC", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95" - }, - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1574", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1574" - }, - { - "name" : "https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95", - "refsource" : "MISC", - "url" : 
"https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95" - }, - { - "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9", - "refsource" : "MISC", - "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9" - }, - { - "name" : "USN-3695-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3695-1/" - }, - { - "name" : "USN-3695-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3695-2/" - }, - { - "name" : "USN-3697-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3697-1/" - }, - { - "name" : "USN-3697-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3697-2/" - }, - { - "name" : "104292", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-3695-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3695-1/" + }, + { + "name": "USN-3695-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3695-2/" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1574", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1574" + }, + { + "name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9", + "refsource": "MISC", + "url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.9" + }, + { + "name": "104292", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104292" + }, + { + "name": "USN-3697-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3697-1/" + }, + { + "name": "https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95", + "refsource": "MISC", + "url": "https://github.com/torvalds/linux/commit/0a0b98734479aa5b3c671d5190e86273372cab95" + }, + { + "name": "USN-3697-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3697-2/" + }, + { + "name": "46208", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/46208/" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95", + "refsource": "MISC", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a0b98734479aa5b3c671d5190e86273372cab95" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11929.json b/2018/11xxx/CVE-2018-11929.json index cee28ab6f54..959b214d123 100644 --- a/2018/11xxx/CVE-2018-11929.json +++ b/2018/11xxx/CVE-2018-11929.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-11929",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-11929",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/14xxx/CVE-2018-14243.json b/2018/14xxx/CVE-2018-14243.json
index 981ba63d962..f910a1655c6 100644
--- a/2018/14xxx/CVE-2018-14243.json
+++ b/2018/14xxx/CVE-2018-14243.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6006." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-703", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-703" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the addPageOpenJSMessage method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6006." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-703", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-703" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14341.json b/2018/14xxx/CVE-2018-14341.json index 787435cf470..98746dd228f 100644 --- a/2018/14xxx/CVE-2018-14341.json +++ b/2018/14xxx/CVE-2018-14341.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" - }, - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4", - "refsource" : "CONFIRM", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4" - }, - { - "name" : 
"https://www.wireshark.org/security/wnpa-sec-2018-39.html", - "refsource" : "CONFIRM", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-39.html" - }, - { - "name" : "104847", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104847" - }, - { - "name" : "1041608", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041608" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041608", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041608" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-39.html", + "refsource": "CONFIRM", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-39.html" + }, + { + "name": "[debian-lts-announce] 20180729 [SECURITY] [DLA 1451-1] wireshark security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4", + "refsource": "CONFIRM", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742" + }, + { + "name": "104847", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104847" + } + ] + } +} \ No 
newline at end of file
diff --git a/2018/14xxx/CVE-2018-14591.json b/2018/14xxx/CVE-2018-14591.json
index ec6c3ebc697..bdbfad0ea58 100644
--- a/2018/14xxx/CVE-2018-14591.json
+++ b/2018/14xxx/CVE-2018-14591.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-14591",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-14591",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15106.json b/2018/15xxx/CVE-2018-15106.json
index 63f19e20c63..a7686ae6237 100644
--- a/2018/15xxx/CVE-2018-15106.json
+++ b/2018/15xxx/CVE-2018-15106.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15106",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15106",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15505.json b/2018/15xxx/CVE-2018-15505.json
index 96a7106edc2..48d0d81d647 100644
--- a/2018/15xxx/CVE-2018-15505.json
+++ b/2018/15xxx/CVE-2018-15505.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9", - "refsource" : "MISC", - "url" : "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9" - }, - { - "name" : "https://github.com/embedthis/appweb/issues/605", - "refsource" : "MISC", - "url" : "https://github.com/embedthis/appweb/issues/605" - }, - { - "name" : "https://github.com/embedthis/goahead/issues/264", - "refsource" : "MISC", - "url" : "https://github.com/embedthis/goahead/issues/264" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted \"Host\" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/embedthis/appweb/issues/605", + "refsource": "MISC", + "url": "https://github.com/embedthis/appweb/issues/605" + }, + { + "name": "https://github.com/embedthis/goahead/issues/264", + "refsource": "MISC", + "url": "https://github.com/embedthis/goahead/issues/264" + }, + { + "name": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9", + "refsource": "MISC", + "url": "https://github.com/embedthis/appweb/commit/16e6979c82297d5fc4f8661e7ada975f51e4dfa9" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15549.json b/2018/15xxx/CVE-2018-15549.json index 8a43ef92301..42a4fc7e6ec 100644 --- a/2018/15xxx/CVE-2018-15549.json +++ b/2018/15xxx/CVE-2018-15549.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15549",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15549",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15639.json b/2018/15xxx/CVE-2018-15639.json
index ca296ed3977..3e010ba69ed 100644
--- a/2018/15xxx/CVE-2018-15639.json
+++ b/2018/15xxx/CVE-2018-15639.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15639",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15639",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15652.json b/2018/15xxx/CVE-2018-15652.json
index da039bc1f28..2e4cb09f6f1 100644
--- a/2018/15xxx/CVE-2018-15652.json
+++ b/2018/15xxx/CVE-2018-15652.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15652",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15652",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/15xxx/CVE-2018-15830.json b/2018/15xxx/CVE-2018-15830.json
index 9addf576f3b..cd4b30c7fcf 100644
--- a/2018/15xxx/CVE-2018-15830.json
+++ b/2018/15xxx/CVE-2018-15830.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-15830",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-15830",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/20xxx/CVE-2018-20033.json b/2018/20xxx/CVE-2018-20033.json
index 2d336259730..d9922c99a71 100644
--- a/2018/20xxx/CVE-2018-20033.json
+++ b/2018/20xxx/CVE-2018-20033.json
@@ -1,63 +1,63 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "PSIRT-CNA@flexerasoftware.com",
- "DATE_PUBLIC" : "2019-01-28T00:00:00",
- "ID" : "CVE-2018-20033",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "FlexNet Publisher",
- "version" : {
- "version_data" : [
- {
- "version_value" : "11.16.1.0 and earlier"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Flexera Software LLC"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Remote Code Execution (RCE)"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
+ "DATE_PUBLIC": "2019-01-28T00:00:00",
+ "ID": "CVE-2018-20033",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "FlexNet Publisher",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "11.16.1.0 and earlier"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Flexera Software LLC"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "85979",
- "refsource" : "SECUNIA",
- "url" : "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A Remote Code Execution vulnerability in lmgrd and vendor daemon components of FlexNet Publisher version 11.16.1.0 and earlier could allow a remote attacker to corrupt the memory by allocating / deallocating memory, loading lmgrd or the vendor daemon and causing the heartbeat between lmgrd and the vendor daemon to stop. This would force the vendor daemon to shut down. No exploit of this vulnerability has been demonstrated."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Remote Code Execution (RCE)"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "85979",
+ "refsource": "SECUNIA",
+ "url": "https://secuniaresearch.flexerasoftware.com/advisories/85979/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/8xxx/CVE-2018-8368.json b/2018/8xxx/CVE-2018-8368.json
index 1f40464e3cc..27f21e47749 100644
--- a/2018/8xxx/CVE-2018-8368.json
+++ b/2018/8xxx/CVE-2018-8368.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-8368",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-8368",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file