diff --git a/2002/0xxx/CVE-2002-0063.json b/2002/0xxx/CVE-2002-0063.json
index 55ed850f25c..69b3690e0c9 100644
--- a/2002/0xxx/CVE-2002-0063.json
+++ b/2002/0xxx/CVE-2002-0063.json
@@ -1,102 +1,102 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0063",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0063",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.cups.org/relnotes.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.cups.org/relnotes.html"
- },
- {
- "name" : "DSA-110",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2002/dsa-110"
- },
- {
- "name" : "MDKSA-2002:015",
- "refsource" : "MANDRAKE",
- "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php"
- },
- {
- "name" : "RHSA-2002:032",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2002-032.html"
- },
- {
- "name" : "SuSE-SA:2002:005",
- "refsource" : "SUSE",
- "url" : "http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html"
- },
- {
- "name" : "CSSA-2002-008.0",
- "refsource" : "CALDERA",
- "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-008.0.txt"
- },
- {
- "name" : "CLA-2002:471",
- "refsource" : "CONECTIVA",
- "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000471"
- },
- {
- "name" : "cups-ippread-bo(8192)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8192"
- },
- {
- "name" : "4100",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4100"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "SuSE-SA:2002:005",
+ "refsource": "SUSE",
+ "url": "http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html"
+ },
+ {
+ "name": "MDKSA-2002:015",
+ "refsource": "MANDRAKE",
+ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php"
+ },
+ {
+ "name": "CSSA-2002-008.0",
+ "refsource": "CALDERA",
+ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-008.0.txt"
+ },
+ {
+ "name": "http://www.cups.org/relnotes.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.cups.org/relnotes.html"
+ },
+ {
+ "name": "RHSA-2002:032",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2002-032.html"
+ },
+ {
+ "name": "DSA-110",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2002/dsa-110"
+ },
+ {
+ "name": "4100",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4100"
+ },
+ {
+ "name": "cups-ippread-bo(8192)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8192"
+ },
+ {
+ "name": "CLA-2002:471",
+ "refsource": "CONECTIVA",
+ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000471"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0483.json b/2002/0xxx/CVE-2002-0483.json
index 6dd61b9e719..ce62a7a5dc8 100644
--- a/2002/0xxx/CVE-2002-0483.json
+++ b/2002/0xxx/CVE-2002-0483.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0483",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0483",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020320 Fw: PHPNuke 5.4 Path Disclosure Vulnerability?",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/263337"
- },
- {
- "name" : "4333",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4333"
- },
- {
- "name" : "phpnuke-index-path-disclosure(8618)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8618.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020320 Fw: PHPNuke 5.4 Path Disclosure Vulnerability?",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/263337"
+ },
+ {
+ "name": "phpnuke-index-path-disclosure(8618)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8618.php"
+ },
+ {
+ "name": "4333",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4333"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0853.json b/2002/0xxx/CVE-2002-0853.json
index 7eabe9efbc7..2970457a6ae 100644
--- a/2002/0xxx/CVE-2002-0853.json
+++ b/2002/0xxx/CVE-2002-0853.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0853",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0853",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020812 Cisco VPN Client Multiple Vulnerabilities",
- "refsource" : "CISCO",
- "url" : "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
- },
- {
- "name" : "VU#287771",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/287771"
- },
- {
- "name" : "cisco-vpn-zerolength-dos(9821)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9821.php"
- },
- {
- "name" : "5440",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5440"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020812 Cisco VPN Client Multiple Vulnerabilities",
+ "refsource": "CISCO",
+ "url": "http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml"
+ },
+ {
+ "name": "VU#287771",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/287771"
+ },
+ {
+ "name": "5440",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5440"
+ },
+ {
+ "name": "cisco-vpn-zerolength-dos(9821)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9821.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0859.json b/2002/0xxx/CVE-2002-0859.json
index 7c42fe040e6..0310b2af2ee 100644
--- a/2002/0xxx/CVE-2002-0859.json
+++ b/2002/0xxx/CVE-2002-0859.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0859",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0859",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=102450188620081&w=2"
- },
- {
- "name" : "http://www.nextgenss.com/advisories/mssql-ods.txt",
- "refsource" : "MISC",
- "url" : "http://www.nextgenss.com/advisories/mssql-ods.txt"
- },
- {
- "name" : "mssql-jet-ods-bo(9375)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9375.php"
- },
- {
- "name" : "5057",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5057"
- },
- {
- "name" : "Q282010",
- "refsource" : "MSKB",
- "url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q282010"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=102450188620081&w=2"
+ },
+ {
+ "name": "mssql-jet-ods-bo(9375)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9375.php"
+ },
+ {
+ "name": "5057",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5057"
+ },
+ {
+ "name": "http://www.nextgenss.com/advisories/mssql-ods.txt",
+ "refsource": "MISC",
+ "url": "http://www.nextgenss.com/advisories/mssql-ods.txt"
+ },
+ {
+ "name": "Q282010",
+ "refsource": "MSKB",
+ "url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q282010"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1340.json b/2002/1xxx/CVE-2002-1340.json
index e61948a4132..57776cd5270 100644
--- a/2002/1xxx/CVE-2002-1340.json
+++ b/2002/1xxx/CVE-2002-1340.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1340",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The \"ConnectionFile\" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1340",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101830175621193&w=2"
- },
- {
- "name" : "http://security.greymagic.com/adv/gm008-ie/",
- "refsource" : "MISC",
- "url" : "http://security.greymagic.com/adv/gm008-ie/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The \"ConnectionFile\" property in the DataSourceControl component in Office Web Components (OWC) 10 allows remote attackers to determine the existence of local files by detecting an exception."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://security.greymagic.com/adv/gm008-ie/",
+ "refsource": "MISC",
+ "url": "http://security.greymagic.com/adv/gm008-ie/"
+ },
+ {
+ "name": "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101830175621193&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1377.json b/2002/1xxx/CVE-2002-1377.json
index 2dc086e0b5b..1a99d0aa90a 100644
--- a/2002/1xxx/CVE-2002-1377.json
+++ b/2002/1xxx/CVE-2002-1377.json
@@ -1,107 +1,107 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1377",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1377",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021213 Some vim problems, yet still vim much better than windows",
- "refsource" : "FULLDISC",
- "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html"
- },
- {
- "name" : "http://www.guninski.com/vim1.html",
- "refsource" : "MISC",
- "url" : "http://www.guninski.com/vim1.html"
- },
- {
- "name" : "20040331 OpenLinux: vim arbitrary commands execution through modelines",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=108077992208690&w=2"
- },
- {
- "name" : "CLA-2004:812",
- "refsource" : "CONECTIVA",
- "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812"
- },
- {
- "name" : "MDKSA-2003:012",
- "refsource" : "MANDRAKE",
- "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012"
- },
- {
- "name" : "RHSA-2002:297",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2002-297.html"
- },
- {
- "name" : "RHSA-2002:302",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2002-302.html"
- },
- {
- "name" : "55700",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700"
- },
- {
- "name" : "6384",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6384"
- },
- {
- "name" : "vim-modeline-command-execution(10835)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10835"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "6384",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6384"
+ },
+ {
+ "name": "RHSA-2002:302",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2002-302.html"
+ },
+ {
+ "name": "http://www.guninski.com/vim1.html",
+ "refsource": "MISC",
+ "url": "http://www.guninski.com/vim1.html"
+ },
+ {
+ "name": "20021213 Some vim problems, yet still vim much better than windows",
+ "refsource": "FULLDISC",
+ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html"
+ },
+ {
+ "name": "RHSA-2002:297",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2002-297.html"
+ },
+ {
+ "name": "55700",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700"
+ },
+ {
+ "name": "CLA-2004:812",
+ "refsource": "CONECTIVA",
+ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812"
+ },
+ {
+ "name": "MDKSA-2003:012",
+ "refsource": "MANDRAKE",
+ "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012"
+ },
+ {
+ "name": "20040331 OpenLinux: vim arbitrary commands execution through modelines",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=108077992208690&w=2"
+ },
+ {
+ "name": "vim-modeline-command-execution(10835)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10835"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1406.json b/2002/1xxx/CVE-2002-1406.json
index e503654a071..3d2d4146a06 100644
--- a/2002/1xxx/CVE-2002-1406.json
+++ b/2002/1xxx/CVE-2002-1406.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1406",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to \"Unexpected behavior.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1406",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "HPSBUX0208-210",
- "refsource" : "HP",
- "url" : "http://archives.neohapsis.com/archives/hp/2002-q3/0049.html"
- },
- {
- "name" : "5454",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5454"
- },
- {
- "name" : "hp-vvos-passwd(9847)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9847.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to \"Unexpected behavior.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "5454",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5454"
+ },
+ {
+ "name": "hp-vvos-passwd(9847)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9847.php"
+ },
+ {
+ "name": "HPSBUX0208-210",
+ "refsource": "HP",
+ "url": "http://archives.neohapsis.com/archives/hp/2002-q3/0049.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/2xxx/CVE-2002-2074.json b/2002/2xxx/CVE-2002-2074.json
index dc1268dd0d7..ec9dc27910c 100644
--- a/2002/2xxx/CVE-2002-2074.json
+++ b/2002/2xxx/CVE-2002-2074.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-2074",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-2074",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://dl.droso.net/mailidx-20020105.tar.gz",
- "refsource" : "CONFIRM",
- "url" : "http://dl.droso.net/mailidx-20020105.tar.gz"
- },
- {
- "name" : "3822",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3822"
- },
- {
- "name" : "1003269",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1003269"
- },
- {
- "name" : "mailidx-search-input-validation(7965)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/7965.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SQL injection vulnerability in Mailidx before 20020105 allows remote attackers to execute arbitrary SQL commands via the search web page."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "3822",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3822"
+ },
+ {
+ "name": "1003269",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1003269"
+ },
+ {
+ "name": "http://dl.droso.net/mailidx-20020105.tar.gz",
+ "refsource": "CONFIRM",
+ "url": "http://dl.droso.net/mailidx-20020105.tar.gz"
+ },
+ {
+ "name": "mailidx-search-input-validation(7965)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/7965.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0016.json b/2003/0xxx/CVE-2003-0016.json
index c602c4c5499..c29a53cba61 100644
--- a/2003/0xxx/CVE-2003-0016.json
+++ b/2003/0xxx/CVE-2003-0016.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0016",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0016",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released",
- "refsource" : "MLIST",
- "url" : "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2"
- },
- {
- "name" : "VU#979793",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/979793"
- },
- {
- "name" : "VU#825177",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/825177"
- },
- {
- "name" : "http://www.apacheweek.com/issues/03-01-24#security",
- "refsource" : "CONFIRM",
- "url" : "http://www.apacheweek.com/issues/03-01-24#security"
- },
- {
- "name" : "6659",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6659"
- },
- {
- "name" : "apache-device-name-dos(11124)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11124"
- },
- {
- "name" : "apache-device-code-execution(11125)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11125"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "apache-device-code-execution(11125)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11125"
+ },
+ {
+ "name": "[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released",
+ "refsource": "MLIST",
+ "url": "http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2"
+ },
+ {
+ "name": "VU#979793",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/979793"
+ },
+ {
+ "name": "VU#825177",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/825177"
+ },
+ {
+ "name": "6659",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6659"
+ },
+ {
+ "name": "http://www.apacheweek.com/issues/03-01-24#security",
+ "refsource": "CONFIRM",
+ "url": "http://www.apacheweek.com/issues/03-01-24#security"
+ },
+ {
+ "name": "apache-device-name-dos(11124)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11124"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0025.json b/2003/0xxx/CVE-2003-0025.json
index f624b816b25..4e67e4800c2 100644
--- a/2003/0xxx/CVE-2003-0025.json
+++ b/2003/0xxx/CVE-2003-0025.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030108 IMP 2.x SQL injection vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104204786206563&w=2" - }, - { - "name" : "20030108 Re: IMP 2.x SQL injection vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/306268" - }, - { - "name" : "DSA-229", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-229" - }, - { - "name" : "6559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6559" - }, - { - "name" : "1005904", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005904" - }, - { - "name" : "8087", - "refsource" 
: "SECUNIA", - "url" : "http://secunia.com/advisories/8087" - }, - { - "name" : "8177", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8087" + }, + { + "name": "20030108 Re: IMP 2.x SQL injection vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/306268" + }, + { + "name": "6559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6559" + }, + { + "name": "1005904", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005904" + }, + { + "name": "8177", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8177" + }, + { + "name": "20030108 IMP 2.x SQL injection vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104204786206563&w=2" + }, + { + "name": "DSA-229", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-229" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0158.json b/2003/0xxx/CVE-2003-0158.json index 63d7aa9143a..8afc80a4b76 100644 --- a/2003/0xxx/CVE-2003-0158.json +++ b/2003/0xxx/CVE-2003-0158.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0158", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0139. Reason: This candidate is a reservation duplicate of CVE-2003-0139 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0158", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-0139. Reason: This candidate is a reservation duplicate of CVE-2003-0139 due to incomplete coordination. Notes: All CVE users should reference CVE-2003-0139 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0430.json b/2003/0xxx/CVE-2003-0430.json index a65a717f14b..cf25cfa424d 100644 --- a/2003/0xxx/CVE-2003-0430.json +++ b/2003/0xxx/CVE-2003-0430.json 
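Review bot: The key order on the new side of this REJECT record disagrees with the other records in the same commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, while the neighbouring files (for example the RESERVED record CVE-2012-0379) keep `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON object order carries no meaning for a parser, but the mixed order suggests this file went through a different serialiser, and any tooling that signs, hashes or byte-compares the records needs one canonical form. Emitting it in the order the other files use (`CVE_data_meta`, `data_format`, `data_type`, `data_version`, `description`) would keep the set uniform.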
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html", - "refsource" : "CONFIRM", - "url" : "http://www.ethereal.com/appnotes/enpa-sa-00010.html" - }, - { - "name" : "CLA-2003:662", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662" - }, - { - "name" : "RHSA-2003:077", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-077.html" - }, - { - "name" : "CSSA-2003-030.0", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt" - }, - { - "name" : "9007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9007" - }, - { - "name" : "oval:org.mitre.oval:def:88", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A88" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CSSA-2003-030.0", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-030.0.txt" + }, + { + "name": "oval:org.mitre.oval:def:88", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A88" + }, + { + "name": "RHSA-2003:077", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-077.html" + }, + { + "name": "CLA-2003:662", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000662" + }, + { + "name": "9007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9007" + }, + { + "name": "http://www.ethereal.com/appnotes/enpa-sa-00010.html", + "refsource": "CONFIRM", + "url": "http://www.ethereal.com/appnotes/enpa-sa-00010.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0576.json b/2003/0xxx/CVE-2003-0576.json index 0471b86beac..0fbec54a17c 100644 --- a/2003/0xxx/CVE-2003-0576.json +++ b/2003/0xxx/CVE-2003-0576.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030801-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030801-01-P" - }, - { - "name" : "20030801-02-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030801-02-P" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and earlier allows remote attackers to cause a denial of service (kernel panic) via certain packets that cause XDR decoding errors, a different vulnerability than CVE-2003-0619." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030801-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030801-01-P" + }, + { + "name": "20030801-02-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030801-02-P" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0941.json b/2003/0xxx/CVE-2003-0941.json index 4ca567145aa..80d5bdbc6d6 100644 --- a/2003/0xxx/CVE-2003-0941.json +++ b/2003/0xxx/CVE-2003-0941.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0941", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0941", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A111703-2", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a111703-2.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "web-tools in SAP DB before 7.4.03.30 allows remote attackers to access the Web Agent Administration pages and modify configuration via a direct request to waadmin.wa." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A111703-2", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a111703-2.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1261.json b/2003/1xxx/CVE-2003-1261.json index 7d3fa271153..4588c29b63c 100644 --- a/2003/1xxx/CVE-2003-1261.json +++ b/2003/1xxx/CVE-2003-1261.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030206 Re: CuteFTP 5.0 XP, Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/310710" - }, - { - "name" : "20030205 Re: CuteFTP 5.0 XP, Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html" - }, - { - "name" : "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/325659" - }, - { - "name" : "6786", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6786" - }, - { - "name" : "cuteftp-url-clipboard-bo(11275)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11275.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a denial of service (crash) by copying a long URL into a clipboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030206 Re: CuteFTP 5.0 XP, Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/310710" + }, + { + "name": "20030205 Re: CuteFTP 5.0 XP, Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0087.html" + }, + { + "name": "cuteftp-url-clipboard-bo(11275)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11275.php" + }, + { + "name": "20030618 Re: CuteFTP 5.0 XP, Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/325659" + }, + { + "name": "6786", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6786" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0379.json b/2012/0xxx/CVE-2012-0379.json index 27ecc2a3622..892850dd404 100644 --- a/2012/0xxx/CVE-2012-0379.json +++ b/2012/0xxx/CVE-2012-0379.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0379", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0379", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0384.json b/2012/0xxx/CVE-2012-0384.json index c7fe04d5912..95f43f91954 100644 --- a/2012/0xxx/CVE-2012-0384.json +++ b/2012/0xxx/CVE-2012-0384.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 Cisco IOS Software Command Authorization Bypass", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai" - }, - { - "name" : "52755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52755" - }, - { - "name" : "80704", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80704" - }, - { - "name" : "1026860", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026860" - }, - { - "name" : "48614", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48614" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x through 2.6.x and 3.1.xS before 3.1.2S, 3.2.xS through 3.4.xS before 3.4.2S, 3.5.xS before 3.5.1S, and 3.1.xSG and 3.2.xSG before 3.2.2SG, when AAA authorization is enabled, allow remote authenticated users to bypass intended access restrictions and execute commands via a (1) HTTP or (2) HTTPS session, aka Bug ID CSCtr91106." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80704", + "refsource": "OSVDB", + "url": "http://osvdb.org/80704" + }, + { + "name": "20120328 Cisco IOS Software Command Authorization Bypass", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-pai" + }, + { + "name": "1026860", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026860" + }, + { + "name": "48614", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48614" + }, + { + "name": "52755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52755" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0649.json b/2012/0xxx/CVE-2012-0649.json index 577b16b16cd..4e9d615629b 100644 --- a/2012/0xxx/CVE-2012-0649.json +++ b/2012/0xxx/CVE-2012-0649.json 
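Review bot: The `ASSIGNER` value changes from `cve@mitre.org` to `psirt@cisco.com` inside what otherwise reads as a whitespace and ordering rewrite, so a substantive metadata change is easy to miss in review. Putting assigner updates in their own commit, or naming them in the commit message, would let consumers who track CNA attribution audit them; the same applies to `product-security@apple.com` in the CVE-2012-0649 hunk and `secalert@redhat.com` in the CVE-2012-1150 hunk. The `affects` block still carries `"vendor_name": "n/a"` although the description names Cisco IOS, which may be intentional for legacy records but is worth confirming now that the assigner is the vendor.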
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "53445", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53445" - }, - { - "name" : "53456", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53456" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 
10.7.4 allows local users to gain privileges via vectors involving a temporary file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53456", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53456" + }, + { + "name": "53445", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53445" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0985.json b/2012/0xxx/CVE-2012-0985.json index b8f5b4f6492..6e37e532c50 100644 --- a/2012/0xxx/CVE-2012-0985.json +++ b/2012/0xxx/CVE-2012-0985.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0985", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0985", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120530 2 Buffer Overflows in Wireless Manager Sony VAIO", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html" - }, - { - "name" : "18958", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18958" - }, - { - "name" : "http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946", - "refsource" : "CONFIRM", - "url" : "http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946" - }, - { - "name" : "53735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53735" - }, - { - "name" : "82401", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82401" - }, - { - "name" : "49340", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49340" - }, - { - "name" : "vaio-activex-bo(75978)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75978" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and 
possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120530 2 Buffer Overflows in Wireless Manager Sony VAIO", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0147.html" + }, + { + "name": "18958", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18958" + }, + { + "name": "49340", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49340" + }, + { + "name": "82401", + "refsource": "OSVDB", + "url": "http://osvdb.org/82401" + }, + { + "name": "53735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53735" + }, + { + "name": "http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946", + "refsource": "CONFIRM", + "url": "http://esupport.sony.com/US/perl/support-info.pl?template_id=1&info_id=946" + }, + { + "name": "vaio-activex-bo(75978)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75978" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1029.json b/2012/1xxx/CVE-2012-1029.json index f8f768add8e..8b2f70f61b1 100644 --- a/2012/1xxx/CVE-2012-1029.json +++ b/2012/1xxx/CVE-2012-1029.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1029", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1029", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18466", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18466" - }, - { - "name" : "http://packetstormsecurity.org/files/109485/Tube-Ace-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109485/Tube-Ace-SQL-Injection.html" - }, - { - "name" : "51873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51873" - }, - { - "name" : "52046", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52046" - }, - { - "name" : "78900", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78900" - }, - { - "name" : "47874", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/47874" - }, - { - "name" : "tubeace-q-sql-injection(72999)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72999" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47874", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47874" + }, + { + "name": "78900", + "refsource": "OSVDB", + "url": "http://osvdb.org/78900" + }, + { + "name": "tubeace-q-sql-injection(72999)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72999" + }, + { + "name": "18466", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18466" + }, + { + "name": "52046", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52046" + }, + { + "name": "http://packetstormsecurity.org/files/109485/Tube-Ace-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109485/Tube-Ace-SQL-Injection.html" + }, + { + "name": "51873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51873" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1150.json b/2012/1xxx/CVE-2012-1150.json index 6f3c5dbee2e..8e26d50dbf6 100644 --- a/2012/1xxx/CVE-2012-1150.json +++ b/2012/1xxx/CVE-2012-1150.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1150", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1150", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/10/3" - }, - { - "name" : "[python-dev] 20111229 Hash collision security issue (now public)", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/python-dev/2011-December/115116.html" - }, - { - "name" : "[python-dev] 20120128 plugging the hash attack", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/python-dev/2012-January/115892.html" - }, - { - "name" : 
"http://bugs.python.org/issue13703", - "refsource" : "CONFIRM", - "url" : "http://bugs.python.org/issue13703" - }, - { - "name" : "http://python.org/download/releases/2.6.8/", - "refsource" : "CONFIRM", - "url" : "http://python.org/download/releases/2.6.8/" - }, - { - "name" : "http://python.org/download/releases/2.7.3/", - "refsource" : "CONFIRM", - "url" : "http://python.org/download/releases/2.7.3/" - }, - { - "name" : "http://python.org/download/releases/3.1.5/", - "refsource" : "CONFIRM", - "url" : "http://python.org/download/releases/3.1.5/" - }, - { - "name" : "http://python.org/download/releases/3.2.3/", - "refsource" : "CONFIRM", - "url" : "http://python.org/download/releases/3.2.3/" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=750555", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=750555" - }, - { - "name" : "APPLE-SA-2013-10-22-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" - }, - { - "name" : "USN-1596-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1596-1" - }, - { - "name" : "USN-1592-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1592-1" - }, - { - "name" : "USN-1615-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1615-1" - }, - { - "name" : "USN-1616-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1616-1" - }, - { - "name" : "51089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51089" - }, - { - "name" : "50858", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50858" - }, - { - "name" : "51087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 
3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1615-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1615-1" + }, + { + "name": "http://python.org/download/releases/3.2.3/", + "refsource": "CONFIRM", + "url": "http://python.org/download/releases/3.2.3/" + }, + { + "name": "51087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51087" + }, + { + "name": "USN-1592-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1592-1" + }, + { + "name": "http://bugs.python.org/issue13703", + "refsource": "CONFIRM", + "url": "http://bugs.python.org/issue13703" + }, + { + "name": "USN-1616-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1616-1" + }, + { + "name": "[python-dev] 20111229 Hash collision security issue (now public)", + "refsource": "MLIST", + "url": "http://mail.python.org/pipermail/python-dev/2011-December/115116.html" + }, + { + "name": "APPLE-SA-2013-10-22-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" + }, + { + "name": "50858", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50858" + }, + { + "name": "51089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51089" + }, + { + "name": "[python-dev] 20120128 plugging the hash attack", + "refsource": "MLIST", + "url": "http://mail.python.org/pipermail/python-dev/2012-January/115892.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=750555", + "refsource": "CONFIRM", + "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=750555" + }, + { + "name": "http://python.org/download/releases/2.6.8/", + "refsource": "CONFIRM", + "url": "http://python.org/download/releases/2.6.8/" + }, + { + "name": "[oss-security] 20120309 Re: CVE Request: Python Hash DoS (Issue 13703)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/10/3" + }, + { + "name": "USN-1596-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1596-1" + }, + { + "name": "http://python.org/download/releases/3.1.5/", + "refsource": "CONFIRM", + "url": "http://python.org/download/releases/3.1.5/" + }, + { + "name": "http://python.org/download/releases/2.7.3/", + "refsource": "CONFIRM", + "url": "http://python.org/download/releases/2.7.3/" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1206.json b/2012/1xxx/CVE-2012-1206.json index 525a783bd20..11cdf444676 100644 --- a/2012/1xxx/CVE-2012-1206.json +++ b/2012/1xxx/CVE-2012-1206.json 
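Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, but it sits inside a whole-file rewrite that also respaces every key and reorders `reference_data`, so the one semantic change is easy to miss. The same applies to the CVE-2012-1739 hunk (`secalert_us@oracle.com`) and to the CVE-2012-4406 hunk, which continues past the visible text. Anyone who keys on the assigning CNA would want that change named in the commit message or split from the formatting pass, and a stable `reference_data` order would keep later diffs reviewable. The new side also ends with `\ No newline at end of file`, so the trailing newline was dropped.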
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1206", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1206", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100", - "refsource" : "MISC", - "url" : "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100" - }, - { - "name" : "51892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51892" - }, - { - "name" : "78906", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78906" - }, - { - "name" : "78907", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78907" - }, - { - "name" : "47386", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47386" - }, - { - "name" : 
"hancom-importgr-bo(73025)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73025" - }, - { - "name" : "hancom-png-bo(73026)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73026" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hancom-png-bo(73026)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73026" + }, + { + "name": "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100", + "refsource": "MISC", + "url": "http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100" + }, + { + "name": "47386", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47386" + }, + { + "name": "hancom-importgr-bo(73025)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73025" + }, + { + "name": "78906", + "refsource": "OSVDB", + "url": "http://osvdb.org/78906" + }, + { + "name": "51892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51892" + }, + { + "name": "78907", + "refsource": "OSVDB", + "url": "http://osvdb.org/78907" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1739.json b/2012/1xxx/CVE-2012-1739.json index e890e08904e..cf0a0e5131a 100644 --- a/2012/1xxx/CVE-2012-1739.json +++ b/2012/1xxx/CVE-2012-1739.json 
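Review bot: The Hancom MISC reference reads `targetRow=1¬ice_seqno=100` in both `name` and `url`, on the old and the new side alike, which looks like `&notice_seqno` after `&not` was decoded as an HTML entity. This may only be how the page renders the diff; if the file itself holds the `¬` character, the link does not resolve and the value should be `http://www.hancom.co.kr/notice.noticeView.do?targetRow=1&notice_seqno=100`. The hunk is otherwise a respacing and reordering of the record.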
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54566", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54566" - }, - { - "name" : "83957", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83957" - }, - { - "name" : "1027269", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027269" - }, - { - 
"name" : "ebusinesssuite-fbi-cve20121739(77018)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77018" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ebusinesssuite-fbi-cve20121739(77018)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77018" + }, + { + "name": "83957", + "refsource": "OSVDB", + "url": "http://osvdb.org/83957" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "1027269", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027269" + }, + { + "name": "54566", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54566" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1782.json b/2012/1xxx/CVE-2012-1782.json index 645751165c8..a0a28b2771b 100644 --- a/2012/1xxx/CVE-2012-1782.json +++ b/2012/1xxx/CVE-2012-1782.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1782", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1782", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120227 OSQA CMS v3b - Multiple Persistent Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0164.html" - }, - { - "name" : "http://www.vulnerability-lab.com/get_content.php?id=461", - "refsource" : "MISC", - "url" : "http://www.vulnerability-lab.com/get_content.php?id=461" - }, - { - "name" : "52184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script 
or HTML via the (1) url bar or (2) picture bar." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52184" + }, + { + "name": "20120227 OSQA CMS v3b - Multiple Persistent Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0164.html" + }, + { + "name": "http://www.vulnerability-lab.com/get_content.php?id=461", + "refsource": "MISC", + "url": "http://www.vulnerability-lab.com/get_content.php?id=461" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1974.json b/2012/1xxx/CVE-2012-1974.json index 3f9429ec219..0ec281600d7 100644 --- a/2012/1xxx/CVE-2012-1974.json +++ b/2012/1xxx/CVE-2012-1974.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=769303", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=769303" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : 
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "DSA-2553", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2553" - }, - { - "name" : "DSA-2556", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2556" - }, - { - "name" : "DSA-2554", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2554" - }, - { - "name" : "RHSA-2012:1211", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html" - }, - { - "name" : "RHSA-2012:1210", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html" - }, - { - "name" : "SUSE-SU-2012:1167", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" - }, - { - "name" : "openSUSE-SU-2012:1065", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" - }, - { - "name" : "SUSE-SU-2012:1157", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" - }, - { - "name" : "USN-1548-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-2" - }, - { - "name" : "USN-1548-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1548-1" - }, - { - "name" : "55317", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55317" - }, - { - "name" : "oval:org.mitre.oval:def:17015", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17015" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, 
Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:17015", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17015" + }, + { + "name": "DSA-2556", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2556" + }, + { + "name": "55317", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55317" + }, + { + "name": "RHSA-2012:1211", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-58.html" + }, + { + "name": "DSA-2553", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2553" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=769303", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=769303" + }, + { + "name": "USN-1548-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-1" + }, + { + "name": "USN-1548-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1548-2" + }, + { + "name": "RHSA-2012:1210", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html" + }, + { + "name": "SUSE-SU-2012:1167", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" + }, + { + "name": "DSA-2554", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2554" + }, + { + "name": "SUSE-SU-2012:1157", + "refsource": "SUSE", + 
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" + }, + { + "name": "openSUSE-SU-2012:1065", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3827.json b/2012/3xxx/CVE-2012-3827.json index 6e043b84d65..2281f98b8b7 100644 --- a/2012/3xxx/CVE-2012-3827.json +++ b/2012/3xxx/CVE-2012-3827.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3827", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3827", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3945.json b/2012/3xxx/CVE-2012-3945.json index 5cdd53e9038..41a781784ae 100644 --- a/2012/3xxx/CVE-2012-3945.json +++ b/2012/3xxx/CVE-2012-3945.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3945", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3945", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4177.json b/2012/4xxx/CVE-2012-4177.json index e4bdbee0739..4874733a0d0 100644 --- a/2012/4xxx/CVE-2012-4177.json +++ b/2012/4xxx/CVE-2012-4177.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20321", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/20321" - }, - { - "name" : "20120729 Re: AxMan ActiveX fuzzing <== Memory Corruption PoC", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Jul/375" - }, - { - "name" : "http://www.bbc.com/news/technology-19053453", - "refsource" : "MISC", - "url" : "http://www.bbc.com/news/technology-19053453" - }, - { - "name" : "http://forums.ubi.com/showthread.php/699940-Uplay-PC-Patch-2-0-4-Security-fix", - "refsource" : "CONFIRM", - "url" : "http://forums.ubi.com/showthread.php/699940-Uplay-PC-Patch-2-0-4-Security-fix" - }, - { - "name" : "84402", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84402" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "84402", + "refsource": "OSVDB", + "url": "http://osvdb.org/84402" + }, + { + "name": "20120729 Re: AxMan ActiveX fuzzing <== Memory Corruption PoC", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Jul/375" + }, + { + "name": "20321", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/20321" + }, + { + "name": "http://forums.ubi.com/showthread.php/699940-Uplay-PC-Patch-2-0-4-Security-fix", + "refsource": "CONFIRM", + "url": "http://forums.ubi.com/showthread.php/699940-Uplay-PC-Patch-2-0-4-Security-fix" + }, + { + "name": "http://www.bbc.com/news/technology-19053453", + "refsource": "MISC", + "url": "http://www.bbc.com/news/technology-19053453" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4406.json b/2012/4xxx/CVE-2012-4406.json index 23f57144ec8..d5332607b6c 100644 --- a/2012/4xxx/CVE-2012-4406.json +++ b/2012/4xxx/CVE-2012-4406.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120905 CVE-Request: openstack pickle de-serialization", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/05/4" - }, - { - "name" : "[oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/05/16" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=854757", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=854757" - }, - { - "name" : "https://bugs.launchpad.net/swift/+bug/1006414", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/swift/+bug/1006414" - }, - 
{ - "name" : "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a" - }, - { - "name" : "https://launchpad.net/swift/+milestone/1.7.0", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/swift/+milestone/1.7.0" - }, - { - "name" : "FEDORA-2012-15098", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html" - }, - { - "name" : "RHSA-2012:1379", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1379.html" - }, - { - "name" : "RHSA-2013:0691", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0691.html" - }, - { - "name" : "55420", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55420" - }, - { - "name" : "openstack-swift-loads-code-exec(79140)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a" + }, + { + "name": "55420", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55420" + }, + { + "name": "https://launchpad.net/swift/+milestone/1.7.0", + "refsource": "CONFIRM", + "url": "https://launchpad.net/swift/+milestone/1.7.0" + }, + { + "name": "RHSA-2012:1379", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html" + }, + { + "name": "openstack-swift-loads-code-exec(79140)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140" + }, + { + "name": "https://bugs.launchpad.net/swift/+bug/1006414", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/swift/+bug/1006414" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=854757", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757" + }, + { + "name": "[oss-security] 20120905 CVE-Request: openstack pickle de-serialization", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/05/4" + }, + { + "name": "FEDORA-2012-15098", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html" + }, + { + "name": "RHSA-2013:0691", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html" + }, + { + "name": "[oss-security] 20120905 Re: CVE-Request: openstack pickle de-serialization", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/05/16" + } + ] + } +} \ No newline at end of file 
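Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` inside a hunk that otherwise only normalises the `"key" :` spacing and reorders `reference_data`, so a change of record provenance is easy to miss in review. The same kind of change appears in the CVE-2012-4935 hunk (`cve@mitre.org` to `cert@cert.org`) and the CVE-2017-2612 hunk (`lpardo@redhat.com` to `secalert@redhat.com`). If these re-attributions are intentional, they would be easier to audit in a commit separate from the formatting pass, with the reason stated in the commit message.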
diff --git a/2012/4xxx/CVE-2012-4586.json b/2012/4xxx/CVE-2012-4586.json index a955d38abfa..9fd3caa9899 100644 --- a/2012/4xxx/CVE-2012-4586.json +++ b/2012/4xxx/CVE-2012-4586.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4586", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4586", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4686.json b/2012/4xxx/CVE-2012-4686.json index 8cbdaa9f874..7dc884b934f 100644 --- a/2012/4xxx/CVE-2012-4686.json +++ b/2012/4xxx/CVE-2012-4686.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120404 vBulletin 4.1.10 Sql Injection Vulnerabilitiy", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0042.html" - }, - { - "name" : "52897", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52897" - }, - { - "name" : "80962", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "80962", + "refsource": "OSVDB", + "url": "http://osvdb.org/80962" + }, + { + "name": "20120404 vBulletin 4.1.10 Sql Injection Vulnerabilitiy", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0042.html" + }, + { + "name": "52897", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52897" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4804.json b/2012/4xxx/CVE-2012-4804.json index 0118d2efc5e..1dd065cadd2 100644 --- a/2012/4xxx/CVE-2012-4804.json +++ b/2012/4xxx/CVE-2012-4804.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4804", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4804", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4935.json b/2012/4xxx/CVE-2012-4935.json index aa623ae69b8..f0cfba6abad 100644 --- a/2012/4xxx/CVE-2012-4935.json +++ b/2012/4xxx/CVE-2012-4935.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-4935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#802596", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/802596" - }, - { - "name" : "56381", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56381" - }, - { - "name" : "51203", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51203" - }, - { - "name" : "pattern-insight-csrf(79783)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79783" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the web interface in Pattern Insight 2.3 allows remote attackers to hijack the authentication of 
arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pattern-insight-csrf(79783)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79783" + }, + { + "name": "VU#802596", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/802596" + }, + { + "name": "56381", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56381" + }, + { + "name": "51203", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51203" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2293.json b/2017/2xxx/CVE-2017-2293.json index 4e4712a4be8..58623cd8967 100644 --- a/2017/2xxx/CVE-2017-2293.json +++ b/2017/2xxx/CVE-2017-2293.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@puppet.com", - "DATE_PUBLIC" : "2018-02-01T00:00:00", - "ID" : "CVE-2017-2293", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Puppet Enterprise", - "version" : { - "version_data" : [ - { - "version_value" : "prior to 2016.4.5, 2016.5.x, 2017.1.x, resolved in 2016.4.5 and 2017.2.1" - } - ] - } - } - ] - }, - "vendor_name" : "Puppet" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "security@puppet.com", + "DATE_PUBLIC": "2018-02-01T00:00:00", + "ID": "CVE-2017-2293", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Puppet Enterprise", + "version": { + "version_data": [ + { + "version_value": "prior to 2016.4.5, 2016.5.x, 2017.1.x, resolved in 2016.4.5 and 2017.2.1" + } + ] + } + } + ] + }, + "vendor_name": "Puppet" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://puppet.com/security/cve/cve-2017-2293", - "refsource" : "CONFIRM", - "url" : "https://puppet.com/security/cve/cve-2017-2293" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Versions 
of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these actions. Customers who rely on this functionality can change this policy." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://puppet.com/security/cve/cve-2017-2293", + "refsource": "CONFIRM", + "url": "https://puppet.com/security/cve/cve-2017-2293" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2612.json b/2017/2xxx/CVE-2017-2612.json index be832af5926..3108682a026 100644 --- a/2017/2xxx/CVE-2017-2612.json +++ b/2017/2xxx/CVE-2017-2612.json 
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "jenkins 2.44" - }, - { - "version_value" : "jenkins 2.32.2" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-358" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jenkins", + "version": { + "version_data": [ + { + "version_value": "jenkins 2.44" + }, + { + "version_value": "jenkins 2.32.2" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612" - }, - { - "name" : "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722", - "refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722" - }, - { - "name" : 
"https://jenkins.io/security/advisory/2017-02-01/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-02-01/" - }, - { - "name" : "95957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Jenkins before versions 2.44, 2.32.2 low privilege users were able to override JDK download credentials (SECURITY-392), resulting in future builds possibly failing to download a JDK." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-02-01/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-02-01/" + }, + { + "name": "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/a814154695e23dc37542af7d40cacc129cf70722" + }, + { + "name": "95957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95957" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2612" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2689.json b/2017/2xxx/CVE-2017-2689.json index 788137c434f..dec5cbd5700 100644 --- a/2017/2xxx/CVE-2017-2689.json +++ b/2017/2xxx/CVE-2017-2689.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2017-2689", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RUGGEDCOM ROX I All versions", - "version" : { - "version_data" : [ - { - "version_value" : "RUGGEDCOM ROX I All versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285: Improper Authorization" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2017-2689", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM ROX I All versions", + "version": { + "version_data": [ + { + "version_value": "RUGGEDCOM ROX I All versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01" - }, - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf" - }, - { - "name" : "97170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97170" - }, - { - "name" : "1038160", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1038160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to obtain privileged file system access or change configuration settings." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285: Improper Authorization" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97170" + }, + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf" + }, + { + "name": "1038160", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038160" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3191.json b/2017/3xxx/CVE-2017-3191.json index 6d32b8c1b7a..5c73cecd4c8 100644 --- a/2017/3xxx/CVE-2017-3191.json +++ b/2017/3xxx/CVE-2017-3191.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DIR-130", - "version" : { - "version_data" : [ - { - "version_value" : "1.23" - } - ] - } - }, - { - "product_name" : "DIR-330", - "version" : { - "version_data" : [ - { - "version_value" : "1.12" - } - ] - } - } - ] - }, - "vendor_name" : "D-Link" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-294: Authentication Bypass by Capture-replay" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DIR-130", + "version": { + "version_data": [ + { + "version_value": "1.23" + } + ] + } + }, + { + "product_name": "DIR-330", + "version": { + "version_data": [ + { + "version_value": "1.12" + } + ] + } + } + ] + }, + "vendor_name": "D-Link" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123293", - "refsource" : "MISC", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123293" - }, - { - "name" : "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/", - "refsource" : "MISC", - "url" : "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/" - }, - { - "name" : "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/", - "refsource" : "MISC", - "url" : "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/" - }, - { - "name" : "VU#553503", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/553503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. 
A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as to access some administrator-only pages such as tools_admin.asp without credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-294: Authentication Bypass by Capture-replay" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123293", + "refsource": "MISC", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/123293" + }, + { + "name": "VU#553503", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/553503" + }, + { + "name": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/", + "refsource": "MISC", + "url": "https://www.wilderssecurity.com/threads/d-link-dir-130-and-dir-330-are-vulnerable-to-authentication-bypass-and-do-not-protect-credentials.392703/" + }, + { + "name": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/", + "refsource": "MISC", + "url": "https://www.scmagazine.com/d-link-dir-130-and-dir-330-routers-vulnerable/article/644553/" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3288.json b/2017/3xxx/CVE-2017-3288.json index 36d2fcfcbd7..a97cfa9d25d 100644 --- a/2017/3xxx/CVE-2017-3288.json +++ b/2017/3xxx/CVE-2017-3288.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3288", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Investor Servicing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.1" - }, - { - "version_affected" : "=", - "version_value" : "12.0.2" - }, - { - "version_affected" : "=", - "version_value" : "12.0.3" - }, - { - "version_affected" : "=", - "version_value" : "12.0.4" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.0" - }, - { - "version_affected" : "=", - "version_value" : "12.3.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3288", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Investor Servicing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.1" + }, + { + "version_affected": "=", + "version_value": "12.0.2" + }, + { + "version_affected": "=", + "version_value": "12.0.3" + }, + { + "version_affected": "=", + "version_value": "12.0.4" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.0" + }, + { + "version_affected": "=", + "version_value": "12.3.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97795", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97795" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability 
in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + }, + { + "name": "97795", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97795" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6388.json b/2017/6xxx/CVE-2017-6388.json index a15f23c0db2..2e8c63ea5a6 100644 --- a/2017/6xxx/CVE-2017-6388.json +++ b/2017/6xxx/CVE-2017-6388.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6388",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6388",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6422.json b/2017/6xxx/CVE-2017-6422.json
index 94867ed79fa..5b421c48e05 100644
--- a/2017/6xxx/CVE-2017-6422.json
+++ b/2017/6xxx/CVE-2017-6422.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6422",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6422",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6631.json b/2017/6xxx/CVE-2017-6631.json
index baf22539565..94ec99b6ead 100644
--- a/2017/6xxx/CVE-2017-6631.json
+++ b/2017/6xxx/CVE-2017-6631.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6631", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Yes Set-Top Box", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Yes Set-Top Box" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6631", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Yes Set-Top Box", + "version": { + "version_data": [ + { + "version_value": "Cisco Yes Set-Top Box" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb" - }, - { - "name" : "100672", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected device fails to handle certain XML values that are passed to the HTTP RPC service listening on the local subnet of the device. An attacker could exploit this vulnerability by submitting a malformed request to an affected device. A successful attack could cause the affected device to restart, resulting in a DoS condition. Yes has updated the affected devices with firmware that addresses this vulnerability. Customers are not required to take action. Vulnerable Products: This vulnerability affects YesMaxTotal, YesMax HD, and YesQuattro STB devices. Cisco Bug IDs: CSCvd08812." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100672", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100672" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-stb" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6898.json b/2017/6xxx/CVE-2017-6898.json index 6f08e0bc92f..b973d9cdafe 100644 --- a/2017/6xxx/CVE-2017-6898.json +++ b/2017/6xxx/CVE-2017-6898.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6898", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6898", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7161.json b/2017/7xxx/CVE-2017-7161.json index 9ccf3cbd075..412da434b17 100644 --- a/2017/7xxx/CVE-2017-7161.json +++ b/2017/7xxx/CVE-2017-7161.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7161", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the \"WebKit Web Inspector\" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7161", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208324", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208324" - }, - { - "name" : "USN-3551-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3551-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 11.0.2 is affected. The issue involves the \"WebKit Web Inspector\" component. It allows remote attackers to execute arbitrary code via special characters that trigger command injection." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208324", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208324" + }, + { + "name": "USN-3551-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3551-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7627.json b/2017/7xxx/CVE-2017-7627.json index da8a3fb0ee0..50703ce76d8 100644 --- a/2017/7xxx/CVE-2017-7627.json +++ b/2017/7xxx/CVE-2017-7627.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The \"Smart related articles\" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://extensions.joomla.org/extension/smart-related-articles/", - "refsource" : "MISC", - "url" : "https://extensions.joomla.org/extension/smart-related-articles/" - }, - { - "name" : "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f", - "refsource" : "MISC", - "url" : "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The \"Smart related articles\" extension 1.1 for Joomla! does not prevent direct requests to dialog.php (there is a missing _JEXEC check)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://extensions.joomla.org/extension/smart-related-articles/", + "refsource": "MISC", + "url": "https://extensions.joomla.org/extension/smart-related-articles/" + }, + { + "name": "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f", + "refsource": "MISC", + "url": "https://gist.github.com/anonymous/14576258b0e66bb25ca4b7ca1638e51f" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10023.json b/2018/10xxx/CVE-2018-10023.json index 53d118cf202..62fab450bcf 100644 --- a/2018/10xxx/CVE-2018-10023.json +++ b/2018/10xxx/CVE-2018-10023.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10023",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment)."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10023",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/xwlrbh/Catfish/issues/1",
- "refsource" : "MISC",
- "url" : "https://github.com/xwlrbh/Catfish/issues/1"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment)."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/xwlrbh/Catfish/issues/1",
+ "refsource": "MISC",
+ "url": "https://github.com/xwlrbh/Catfish/issues/1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10085.json b/2018/10xxx/CVE-2018-10085.json
index 9dc3baca493..fdfac341b83 100644
--- a/2018/10xxx/CVE-2018-10085.json
+++ b/2018/10xxx/CVE-2018-10085.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \\lib\\classes\\internal\\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/itodaro/cve/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/itodaro/cve/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection because of an unserialize call in the _get_data function of \\lib\\classes\\internal\\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/itodaro/cve/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/itodaro/cve/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10249.json b/2018/10xxx/CVE-2018-10249.json index e0b6e0d15fa..6afe84e66f0 100644 --- a/2018/10xxx/CVE-2018-10249.json +++ b/2018/10xxx/CVE-2018-10249.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10249", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10249", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crayon-xin.github.io/2018/04/20/baijiacmsV3-CSRF-add-admin/", - "refsource" : "MISC", - "url" : "https://crayon-xin.github.io/2018/04/20/baijiacmsV3-CSRF-add-admin/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "baijiacms V3 has CSRF via index.php?mod=site&op=edituser&name=manager&do=user to add an administrator account." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crayon-xin.github.io/2018/04/20/baijiacmsV3-CSRF-add-admin/", + "refsource": "MISC", + "url": "https://crayon-xin.github.io/2018/04/20/baijiacmsV3-CSRF-add-admin/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10317.json b/2018/10xxx/CVE-2018-10317.json index 402ddf90eee..e6f81eba8ac 100644 --- a/2018/10xxx/CVE-2018-10317.json +++ b/2018/10xxx/CVE-2018-10317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10344.json b/2018/10xxx/CVE-2018-10344.json index ab12811cee7..c16dca9afe4 100644 --- a/2018/10xxx/CVE-2018-10344.json +++ b/2018/10xxx/CVE-2018-10344.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10344",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10344",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10346.json b/2018/10xxx/CVE-2018-10346.json
index c74ca1bbafd..7a1ece80c1e 100644
--- a/2018/10xxx/CVE-2018-10346.json
+++ b/2018/10xxx/CVE-2018-10346.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10346",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10346",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/10xxx/CVE-2018-10596.json b/2018/10xxx/CVE-2018-10596.json
index 9c6d31bd2f8..5d167c16ebe 100644
--- a/2018/10xxx/CVE-2018-10596.json
+++ b/2018/10xxx/CVE-2018-10596.json
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-06-29T00:00:00", - "ID" : "CVE-2018-10596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Medtronic 2090 CareLink Programmer", - "version" : { - "version_data" : [ - { - "version_value" : "2090 CareLink Programmer, all versions." - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER RESTRICTION OF COMMUNICATION CHANNEL TO INTENDED ENDPOINTS CWE-923" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-06-29T00:00:00", + "ID": "CVE-2018-10596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Medtronic 2090 CareLink Programmer", + "version": { + "version_data": [ + { + "version_value": "2090 CareLink Programmer, all versions." 
+ } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER RESTRICTION OF COMMUNICATION CHANNEL TO INTENDED ENDPOINTS CWE-923" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14245.json b/2018/14xxx/CVE-2018-14245.json index 6a5d464d297..bf9d20a5b8c 100644 --- a/2018/14xxx/CVE-2018-14245.json +++ b/2018/14xxx/CVE-2018-14245.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the closeDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6008." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-705", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-705" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the closeDoc method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6008." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-705", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-705" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14467.json b/2018/14xxx/CVE-2018-14467.json index d7db1a37d54..9984c655d8c 100644 --- a/2018/14xxx/CVE-2018-14467.json +++ b/2018/14xxx/CVE-2018-14467.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14467", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14467", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14468.json b/2018/14xxx/CVE-2018-14468.json index 52095396409..204eb76e648 100644 
--- a/2018/14xxx/CVE-2018-14468.json +++ b/2018/14xxx/CVE-2018-14468.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14468", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14468", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14795.json b/2018/14xxx/CVE-2018-14795.json index c4fcd052d0a..43cfec2323e 100644 --- a/2018/14xxx/CVE-2018-14795.json +++ b/2018/14xxx/CVE-2018-14795.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-16T00:00:00", - "ID" : "CVE-2018-14795", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "DeltaV", - "version" : { - "version_data" : [ - { - "version_value" : "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "RELATIVE PATH TRAVERSAL CWE-23" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-16T00:00:00", + "ID": "CVE-2018-14795", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "DeltaV", + "version": { + "version_data": [ + { + "version_value": "Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" - }, - { - "name" : "105105", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow 
an attacker to replace executable files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "RELATIVE PATH TRAVERSAL CWE-23" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-228-01" + }, + { + "name": "105105", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105105" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17177.json b/2018/17xxx/CVE-2018-17177.json index bc83767e2dd..56f18f1f951 100644 --- a/2018/17xxx/CVE-2018-17177.json +++ b/2018/17xxx/CVE-2018-17177.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. Static encryption is used for the copying of so-called \"black box\" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners", - "refsource" : "MISC", - "url" : "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Neato Botvac Connected 2.2.0 and Botvac 85 1.2.1 devices. 
Static encryption is used for the copying of so-called \"black box\" logs (event logs and core dumps) to a USB stick. These logs are RC4-encrypted with a 9-character password of *^JEd4W!I that is obfuscated by hiding it within a custom /bin/rc4_crypt binary." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners", + "refsource": "MISC", + "url": "https://media.ccc.de/v/2018-124-pinky-brain-are-taking-over-the-world-with-vacuum-cleaners" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20027.json b/2018/20xxx/CVE-2018-20027.json index 454c7ab2086..e75307387d2 100644 --- a/2018/20xxx/CVE-2018-20027.json +++ b/2018/20xxx/CVE-2018-20027.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The yaml_parse.load method in Pylearn2 allows code injection." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/lisa-lab/pylearn2/issues/1593", - "refsource" : "MISC", - "url" : "https://github.com/lisa-lab/pylearn2/issues/1593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The yaml_parse.load method in Pylearn2 allows code injection." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/lisa-lab/pylearn2/issues/1593", + "refsource": "MISC", + "url": "https://github.com/lisa-lab/pylearn2/issues/1593" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20475.json b/2018/20xxx/CVE-2018-20475.json index 41e82b77e70..033cd1c0e12 100644 
--- a/2018/20xxx/CVE-2018-20475.json +++ b/2018/20xxx/CVE-2018-20475.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20475", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20475", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9347.json b/2018/9xxx/CVE-2018-9347.json index 3f9c352431b..d38e844086c 100644 --- a/2018/9xxx/CVE-2018-9347.json +++ b/2018/9xxx/CVE-2018-9347.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9347", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9347", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - }, - { - "name" : "105844", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105844" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-68664359" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105844", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105844" + }, + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9467.json b/2018/9xxx/CVE-2018-9467.json index 3e4879711ed..40da30dedf4 100644 --- a/2018/9xxx/CVE-2018-9467.json +++ b/2018/9xxx/CVE-2018-9467.json 
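Review bot: The new `version_value` under `affects` still packs six releases into one space-separated string (`Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9`), so a consumer that compares `version_value` against a single installed release will presumably never get an exact match. Each release should be its own `version_data` entry, as in the excerpt below, so that affected-version matching can be automated. The CVE-2018-9548.json hunk carries the identical string and needs the same split.

```json
"version_data": [
    {
        "version_value": "Android-7.0"
    },
    {
        "version_value": "Android-7.1.1"
    },
    {
        "version_value": "Android-7.1.2"
    },
    {
        "version_value": "Android-8.0"
    },
    {
        "version_value": "Android-8.1"
    },
    {
        "version_value": "Android-9"
    }
]
```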
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9467", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9467", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9548.json b/2018/9xxx/CVE-2018-9548.json index 1dbcd543802..19a2d59e714 100644 --- a/2018/9xxx/CVE-2018-9548.json +++ b/2018/9xxx/CVE-2018-9548.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9548", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9548", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-12-01" - }, - { - "name" : "106067", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112555574." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106067", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106067" + }, + { + "name": "https://source.android.com/security/bulletin/2018-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-12-01" + } + ] + } +} \ No newline at end of file
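Review bot: The `problemtype` value on the new side is the free-text impact `Information disclosure`, which names the consequence rather than the weakness. Other records in this same diff carry a CWE identifier (`RELATIVE PATH TRAVERSAL CWE-23`, `CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')`), which lets consumers group and prioritise by weakness class. The description attributes the issue to a missing URI validation, so something like `"value": "CWE-20 Improper Input Validation"` looks plausible, but the assigner should confirm the mapping. The CVE-2018-9347.json hunk has the same gap with `Denial of service`, where the described infinite loop suggests CWE-835.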