From d85a48ace20e7e264009b1e198b6f7e28158992b Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:26:52 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0067.json | 220 +++++++++++++-------------- 2002/0xxx/CVE-2002-0512.json | 140 +++++++++--------- 2002/0xxx/CVE-2002-0697.json | 140 +++++++++--------- 2002/0xxx/CVE-2002-0735.json | 160 ++++++++++---------- 2002/2xxx/CVE-2002-2224.json | 150 +++++++++---------- 2002/2xxx/CVE-2002-2226.json | 180 +++++++++++----------- 2005/0xxx/CVE-2005-0017.json | 180 +++++++++++----------- 2005/0xxx/CVE-2005-0549.json | 140 +++++++++--------- 2005/0xxx/CVE-2005-0760.json | 160 ++++++++++---------- 2005/1xxx/CVE-2005-1191.json | 180 +++++++++++----------- 2005/1xxx/CVE-2005-1712.json | 140 +++++++++--------- 2009/0xxx/CVE-2009-0841.json | 230 ++++++++++++++--------------- 2009/0xxx/CVE-2009-0997.json | 170 ++++++++++----------- 2009/1xxx/CVE-2009-1110.json | 34 ++--- 2009/1xxx/CVE-2009-1335.json | 150 +++++++++---------- 2009/1xxx/CVE-2009-1563.json | 34 ++--- 2009/1xxx/CVE-2009-1744.json | 140 +++++++++--------- 2009/4xxx/CVE-2009-4857.json | 150 +++++++++---------- 2009/5xxx/CVE-2009-5147.json | 170 ++++++++++----------- 2012/2xxx/CVE-2012-2335.json | 220 +++++++++++++-------------- 2012/2xxx/CVE-2012-2702.json | 180 +++++++++++----------- 2012/2xxx/CVE-2012-2833.json | 140 +++++++++--------- 2012/3xxx/CVE-2012-3503.json | 170 ++++++++++----------- 2012/3xxx/CVE-2012-3550.json | 34 ++--- 2012/3xxx/CVE-2012-3648.json | 210 +++++++++++++------------- 2012/3xxx/CVE-2012-3772.json | 34 ++--- 2012/4xxx/CVE-2012-4709.json | 120 +++++++-------- 2012/4xxx/CVE-2012-4817.json | 220 +++++++++++++-------------- 2012/4xxx/CVE-2012-4915.json | 150 +++++++++---------- 2012/4xxx/CVE-2012-4918.json | 150 +++++++++---------- 2012/6xxx/CVE-2012-6316.json | 130 ++++++++-------- 2012/6xxx/CVE-2012-6646.json | 120 +++++++-------- 2012/6xxx/CVE-2012-6709.json | 130 ++++++++-------- 2015/5xxx/CVE-2015-5255.json | 200 ++++++++++++------------- 2015/5xxx/CVE-2015-5727.json | 130 ++++++++-------- 2015/5xxx/CVE-2015-5854.json | 150 +++++++++---------- 2017/2xxx/CVE-2017-2113.json | 240 +++++++++++++++--------------- 2017/2xxx/CVE-2017-2489.json | 140 +++++++++--------- 2017/2xxx/CVE-2017-2592.json | 262 ++++++++++++++++----------------- 2017/2xxx/CVE-2017-2656.json | 34 ++--- 2017/2xxx/CVE-2017-2909.json | 122 +++++++-------- 2018/11xxx/CVE-2018-11345.json | 140 +++++++++--------- 2018/11xxx/CVE-2018-11470.json | 120 +++++++-------- 2018/11xxx/CVE-2018-11700.json | 34 ++--- 2018/11xxx/CVE-2018-11858.json | 120 +++++++-------- 2018/14xxx/CVE-2018-14229.json | 34 ++--- 2018/14xxx/CVE-2018-14770.json | 130 ++++++++-------- 2018/14xxx/CVE-2018-14923.json | 120 +++++++-------- 2018/15xxx/CVE-2018-15169.json | 140 +++++++++--------- 2018/15xxx/CVE-2018-15222.json | 34 ++--- 2018/8xxx/CVE-2018-8259.json | 34 ++--- 51 files changed, 3530 insertions(+), 3530 deletions(-) diff --git a/2002/0xxx/CVE-2002-0067.json b/2002/0xxx/CVE-2002-0067.json index a9c21763255..842eb9a9138 100644 --- a/2002/0xxx/CVE-2002-0067.json +++ b/2002/0xxx/CVE-2002-0067.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020221 Squid HTTP Proxy Security Update Advisory 2002:1", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101431040422095&w=2" - }, - { - "name" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/", - "refsource" : "CONFIRM", - "url" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/" - }, - { - "name" : "RHSA-2002:029", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-029.html" - }, - { - "name" : "20020222 TSLSA-2002-0031 - squid", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101443252627021&w=2" - }, - { - "name" : "MDKSA-2002:016", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php" - }, - { - "name" : "CSSA-2002-SCO.7", - "refsource" : "CALDERA", - "url" : "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html" - }, - { - "name" : "CLA-2002:464", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464" - }, - { - "name" : "FreeBSD-SA-02:12", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc" - }, - { - "name" : "squid-htcp-enabled(8261)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8261.php" - }, - { - "name" : "4150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4150" - }, - { - "name" : "5379", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/", + "refsource": "CONFIRM", + "url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/" + }, + { + "name": "CLA-2002:464", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464" + }, + { + "name": "MDKSA-2002:016", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php" + }, + { + "name": "20020222 TSLSA-2002-0031 - squid", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101443252627021&w=2" + }, + { + "name": "FreeBSD-SA-02:12", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc" + }, + { + "name": "CSSA-2002-SCO.7", + "refsource": "CALDERA", + "url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html" + }, + { + "name": "squid-htcp-enabled(8261)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8261.php" + }, + { + "name": "4150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4150" + }, + { + "name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101431040422095&w=2" + }, + { + "name": "RHSA-2002:029", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-029.html" + }, + { + "name": "5379", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5379" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0512.json b/2002/0xxx/CVE-2002-0512.json index f85f1e8757c..5973266f73c 100644 --- a/2002/0xxx/CVE-2002-0512.json +++ b/2002/0xxx/CVE-2002-0512.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "CSSA-2002-005.0", - "refsource" : "CALDERA", - "url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt" - }, - { - "name" : "4400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4400" - }, - { - "name" : "kde-startkde-search-directory(8737)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8737.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kde-startkde-search-directory(8737)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8737.php" + }, + { + "name": "4400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4400" + }, + { + "name": "CSSA-2002-005.0", + "refsource": "CALDERA", + "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0697.json b/2002/0xxx/CVE-2002-0697.json index 263392fd24d..33c8e46d948 100644 --- a/2002/0xxx/CVE-2002-0697.json +++ b/2002/0xxx/CVE-2002-0697.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0697", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0697", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-036", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036" - }, - { - "name" : "mms-data-repository-access(9657)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9657.php" - }, - { - "name" : "5308", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mms-data-repository-access(9657)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9657.php" + }, + { + "name": "5308", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5308" + }, + { + "name": "MS02-036", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0735.json b/2002/0xxx/CVE-2002-0735.json index 1f153cdf124..a0fcd20d168 100644 --- a/2002/0xxx/CVE-2002-0735.json +++ b/2002/0xxx/CVE-2002-0735.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020506 ldap vulnerabilities", - "refsource" : "VULN-DEV", - "url" : "http://marc.info/?l=vuln-dev&m=102070267500932&w=2" - }, - { - "name" : "20020506 [VulnWatch] ldap vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html" - }, - { - "name" : "20020506 ldap vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/271173" - }, - { - "name" : "4679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4679" - }, - { - "name" : "squidauthldap-logging-format-string(9019)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9019.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020506 [VulnWatch] ldap vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html" + }, + { + "name": "4679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4679" + }, + { + "name": "squidauthldap-logging-format-string(9019)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9019.php" + }, + { + "name": "20020506 ldap vulnerabilities", + "refsource": "VULN-DEV", + "url": "http://marc.info/?l=vuln-dev&m=102070267500932&w=2" + }, + { + "name": "20020506 ldap vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/271173" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2224.json b/2002/2xxx/CVE-2002-2224.json index 03cf215667a..933d26b1250 100644 --- a/2002/2xxx/CVE-2002-2224.json +++ b/2002/2xxx/CVE-2002-2224.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM", - "refsource" : "MISC", - "url" : "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM" - }, - { - "name" : "VU#287771", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/287771" - }, - { - "name" : "5449", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5449" - }, - { - "name" : "ike-response-bo(9850)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9850" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM", + "refsource": "MISC", + "url": "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM" + }, + { + "name": "5449", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5449" + }, + { + "name": "ike-response-bo(9850)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9850" + }, + { + "name": "VU#287771", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/287771" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2226.json b/2002/2xxx/CVE-2002-2226.json index fd8c963a5e3..166d38cac82 100644 --- a/2002/2xxx/CVE-2002-2226.json +++ b/2002/2xxx/CVE-2002-2226.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2226", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2226", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021118 TFTPD32 Buffer Overflow Vulnerability (Long filename)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/300395" - }, - { - "name" : "http://tftpd32.jounin.net/", - "refsource" : "MISC", - "url" : "http://tftpd32.jounin.net/" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/6C00C2061A.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6C00C2061A.html" - }, - { - "name" : "VU#632633", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/632633" - }, - { - "name" : "6199", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6199" - }, - { - "name" : "3160", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3160" - }, - { - "name" : "tftp32-filename-bo(10647)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3160", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3160" + }, + { + "name": "VU#632633", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/632633" + }, + { + "name": "http://tftpd32.jounin.net/", + "refsource": "MISC", + "url": "http://tftpd32.jounin.net/" + }, + { + "name": "6199", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6199" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/6C00C2061A.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6C00C2061A.html" + }, + { + "name": "20021118 TFTPD32 Buffer Overflow Vulnerability (Long filename)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/300395" + }, + { + "name": "tftp32-filename-bo(10647)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10647" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0017.json b/2005/0xxx/CVE-2005-0017.json index b201be6e842..f8a9a832759 100644 --- a/2005/0xxx/CVE-2005-0017.json +++ b/2005/0xxx/CVE-2005-0017.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0017", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0017", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-661", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-661" - }, - { - "name" : "GLSA-200501-43", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-43.xml" - }, - { - "name" : "12380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12380" - }, - { - "name" : "1013028", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013028" - }, - { - "name" : "14041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14041" - }, - { - "name" : "14052", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14052" - }, - { - "name" : "14067", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14067", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14067" + }, + { + "name": "DSA-661", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-661" + }, + { + "name": "1013028", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013028" + }, + { + "name": "12380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12380" + }, + { + "name": "GLSA-200501-43", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200501-43.xml" + }, + { + "name": "14041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14041" + }, + { + "name": "14052", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14052" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0549.json b/2005/0xxx/CVE-2005-0549.json index 264d7c4747d..7d657ca0e25 100644 --- a/2005/0xxx/CVE-2005-0549.json +++ b/2005/0xxx/CVE-2005-0549.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the \"View Log Files\" function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050328 Multiple XSS issues in Sun AnswerBook2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111205163531628&w=2" - }, - { - "name" : "57737", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1" - }, - { - "name" : "1000230", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the \"View Log Files\" function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050328 Multiple XSS issues in Sun AnswerBook2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111205163531628&w=2" + }, + { + "name": "1000230", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1" + }, + { + "name": "57737", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0760.json b/2005/0xxx/CVE-2005-0760.json index 17cd85dac65..5a24fea3659 100644 --- a/2005/0xxx/CVE-2005-0760.json +++ b/2005/0xxx/CVE-2005-0760.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0760", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0760", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-702", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-702" - }, - { - "name" : "RHSA-2005:070", - "refsource" : "REDHAT", - "url" : "https://rhn.redhat.com/errata/RHSA-2005-070.html" - }, - { - "name" : "SUSE-SA:2005:017", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html" - }, - { - "name" : "oval:org.mitre.oval:def:11184", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184" - }, - { - "name" : "1013550", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1013550", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013550" + }, + { + "name": "SUSE-SA:2005:017", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html" + }, + { + "name": "oval:org.mitre.oval:def:11184", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184" + }, + { + "name": "RHSA-2005:070", + "refsource": "REDHAT", + "url": "https://rhn.redhat.com/errata/RHSA-2005-070.html" + }, + { + "name": "DSA-702", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-702" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1191.json b/2005/1xxx/CVE-2005-1191.json index 1c2d1304a70..9c2d77cc134 100644 --- a/2005/1xxx/CVE-2005-1191.json +++ b/2005/1xxx/CVE-2005-1191.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1191", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe (\"'\") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1191", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050419 File Selection May Lead to Command Execution (GM#015-IE)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/396224" - }, - { - "name" : "http://security.greymagic.com/security/advisories/gm015-ie", - "refsource" : "MISC", - "url" : "http://security.greymagic.com/security/advisories/gm015-ie" - }, - { - "name" : "MS05-024", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024" - }, - { - "name" : "13248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13248" - }, - { - "name" : "ADV-2005-0509", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0509" - }, - { - "name" : "oval:org.mitre.oval:def:3585", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585" - }, - { - "name" : "windows-web-view-command-execution(20380)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20380" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe (\"'\") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050419 File Selection May Lead to Command Execution (GM#015-IE)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/396224" + }, + { + "name": "13248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13248" + }, + { + "name": "ADV-2005-0509", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0509" + }, + { + "name": "windows-web-view-command-execution(20380)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20380" + }, + { + "name": "http://security.greymagic.com/security/advisories/gm015-ie", + "refsource": "MISC", + "url": "http://security.greymagic.com/security/advisories/gm015-ie" + }, + { + "name": "MS05-024", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024" + }, + { + "name": "oval:org.mitre.oval:def:3585", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1712.json b/2005/1xxx/CVE-2005-1712.json index 56b7526fc60..96491a68881 100644 --- a/2005/1xxx/CVE-2005-1712.json +++ b/2005/1xxx/CVE-2005-1712.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1712", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1712", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=328092", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=328092" - }, - { - "name" : "16659", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16659" - }, - { - "name" : "15405", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15405" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=328092", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=328092" + }, + { + "name": "15405", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15405" + }, + { + "name": "16659", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16659" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0841.json b/2009/0xxx/CVE-2009-0841.json index cf7a7f0a32a..93a2bb2a1f5 100644 --- a/2009/0xxx/CVE-2009-0841.json +++ b/2009/0xxx/CVE-2009-0841.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0841", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-0841", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502271/100/0/threaded" - }, - { - "name" : "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", - "refsource" : "MLIST", - "url" : "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" - }, - { - "name" : "http://www.positronsecurity.com/advisories/2009-000.html", - "refsource" : "MISC", - "url" : "http://www.positronsecurity.com/advisories/2009-000.html" - }, - { - "name" : "http://trac.osgeo.org/mapserver/ticket/2942", - "refsource" : "CONFIRM", - "url" : "http://trac.osgeo.org/mapserver/ticket/2942" - }, - { - "name" : "DSA-1914", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2009/dsa-1914" - }, - { - "name" : "FEDORA-2009-3357", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" - }, - { - "name" : "FEDORA-2009-3383", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" - }, - { - "name" : "34306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34306" - }, - { - "name" : "1021952", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1021952" - }, - { - "name" : "34520", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34520" - }, - { - "name" : "34603", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34603" - }, - { - "name" : "mapserver-mapserv-dir-traversal(49548)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49548" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.positronsecurity.com/advisories/2009-000.html", + "refsource": "MISC", + "url": "http://www.positronsecurity.com/advisories/2009-000.html" + }, + { + "name": "1021952", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1021952" + }, + { + "name": "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502271/100/0/threaded" + }, + { + "name": "34603", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34603" + }, + { + "name": "FEDORA-2009-3383", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html" + }, + { + "name": "34306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34306" + }, + { + "name": "34520", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34520" + }, + { + "name": "DSA-1914", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2009/dsa-1914" + }, + { + "name": "mapserver-mapserv-dir-traversal(49548)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49548" + }, + { + "name": "http://trac.osgeo.org/mapserver/ticket/2942", + "refsource": "CONFIRM", + "url": "http://trac.osgeo.org/mapserver/ticket/2942" + }, + { + "name": "FEDORA-2009-3357", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html" + }, + { + "name": "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes", + "refsource": "MLIST", + "url": "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0997.json b/2009/0xxx/CVE-2009-0997.json index f0d44de9657..95dc1054cf4 100644 --- a/2009/0xxx/CVE-2009-0997.json +++ b/2009/0xxx/CVE-2009-0997.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-0997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-0997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" - }, - { - "name" : "TA09-105A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" - }, - { - "name" : "34461", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34461" - }, - { - "name" : "53739", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53739" - }, - { - "name" : "1022052", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022052" - }, - { - "name" : "34693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34461", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34461" + }, + { + "name": "34693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34693" + }, + { + "name": "53739", + "refsource": "OSVDB", + "url": "http://osvdb.org/53739" + }, + { + "name": "TA09-105A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" + }, + { + "name": "1022052", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022052" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1110.json b/2009/1xxx/CVE-2009-1110.json index 5c20705282f..77ebd0cef11 100644 --- a/2009/1xxx/CVE-2009-1110.json +++ b/2009/1xxx/CVE-2009-1110.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1110", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1110", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1335.json b/2009/1xxx/CVE-2009-1335.json index 4a20c3cd1b3..be9d6c94d01 100644 --- a/2009/1xxx/CVE-2009-1335.json +++ b/2009/1xxx/CVE-2009-1335.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502617/100/0/threaded" - }, - { - "name" : "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.html" - }, - { - "name" : "34478", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34478" - }, - { - "name" : "ie-unprintable-dos(50350)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50350" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.html" + }, + { + "name": "ie-unprintable-dos(50350)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50350" + }, + { + "name": "34478", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34478" + }, + { + "name": "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502617/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1563.json b/2009/1xxx/CVE-2009-1563.json index 368e23bdf05..0e4baef705e 100644 --- a/2009/1xxx/CVE-2009-1563.json +++ b/2009/1xxx/CVE-2009-1563.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1563", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2009-1563", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1744.json b/2009/1xxx/CVE-2009-1744.json index eb54c859629..4b471245b41 100644 --- a/2009/1xxx/CVE-2009-1744.json +++ b/2009/1xxx/CVE-2009-1744.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8670", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8670" - }, - { - "name" : "35137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35137" - }, - { - "name" : "pinnaclestudio-hfz-dos(50856)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8670", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8670" + }, + { + "name": "pinnaclestudio-hfz-dos(50856)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50856" + }, + { + "name": "35137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35137" + } + ] + } +} \ No newline at end of file diff --git a/2009/4xxx/CVE-2009-4857.json b/2009/4xxx/CVE-2009-4857.json index 6492560b28d..4278834e078 100644 --- a/2009/4xxx/CVE-2009-4857.json +++ b/2009/4xxx/CVE-2009-4857.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-4857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-4857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt" - }, - { - "name" : "56828", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/56828" - }, - { - "name" : "36171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36171" - }, - { - "name" : "phpphotovote-login-xss(52323)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52323" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36171" + }, + { + "name": "56828", + "refsource": "OSVDB", + "url": "http://osvdb.org/56828" + }, + { + "name": "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt" + }, + { + "name": "phpphotovote-login-xss(52323)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52323" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5147.json b/2009/5xxx/CVE-2009-5147.json index 1b743008133..0a3ef17dd6e 100644 --- a/2009/5xxx/CVE-2009-5147.json +++ b/2009/5xxx/CVE-2009-5147.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5147", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5147", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2015/q3/222" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248935" - }, - { - "name" : "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", - "refsource" : "CONFIRM", - "url" : "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b" - }, - { - "name" : "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", - "refsource" : "CONFIRM", - "url" : "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/" - }, - { - "name" : "RHSA-2018:0583", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0583" - }, - { - "name" : "76060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76060" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b", + "refsource": "CONFIRM", + "url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b" + }, + { + "name": "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2015/q3/222" + }, + { + "name": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/", + "refsource": "CONFIRM", + "url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/" + }, + { + "name": "RHSA-2018:0583", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0583" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935" + }, + { + "name": "76060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76060" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2335.json b/2012/2xxx/CVE-2012-2335.json index d2c07154cbf..3375e762d5e 100644 --- a/2012/2xxx/CVE-2012-2335.json +++ b/2012/2xxx/CVE-2012-2335.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/", - "refsource" : "MISC", - "url" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/" - }, - { - "name" : "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569", - "refsource" : "MISC", - "url" : "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569" - }, - { - "name" : "http://www.php.net/archive/2012.php#id2012-05-06-1", - "refsource" : "MISC", - "url" : "http://www.php.net/archive/2012.php#id2012-05-06-1" - }, - { - "name" : "https://bugs.php.net/bug.php?id=61910", - "refsource" : "MISC", - "url" : "https://bugs.php.net/bug.php?id=61910" - }, - { - "name" : "HPSBMU02900", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SSRT100992", - "refsource" : "HP", - "url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" - }, - { - "name" : "SUSE-SU-2012:0840", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html" - }, - { - "name" : "SUSE-SU-2012:0721", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html" - }, - { - "name" : "VU#520827", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/520827" - }, - { - "name" : "49014", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49014" - }, - { - "name" : "php-phpwrapperfcgi-code-exec(75652)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75652" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.php.net/bug.php?id=61910", + "refsource": "MISC", + "url": "https://bugs.php.net/bug.php?id=61910" + }, + { + "name": "SUSE-SU-2012:0721", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html" + }, + { + "name": "SUSE-SU-2012:0840", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html" + }, + { + "name": "49014", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49014" + }, + { + "name": "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569", + "refsource": "MISC", + "url": "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569" + }, + { + "name": "SSRT100992", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + }, + { + "name": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/", + "refsource": "MISC", + "url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/" + }, + { + "name": "VU#520827", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/520827" + }, + { + "name": "http://www.php.net/archive/2012.php#id2012-05-06-1", + "refsource": "MISC", + "url": "http://www.php.net/archive/2012.php#id2012-05-06-1" + }, + { + "name": "php-phpwrapperfcgi-code-exec(75652)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75652" + }, + { + "name": "HPSBMU02900", + "refsource": "HP", + "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2702.json b/2012/2xxx/CVE-2012-2702.json index 84da5a951e8..0f3f4b38433 100644 --- a/2012/2xxx/CVE-2012-2702.json +++ b/2012/2xxx/CVE-2012-2702.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2702", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-2702", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1585532", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1585532" - }, - { - "name" : "http://drupal.org/node/1580752", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1580752" - }, - { - "name" : "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261" - }, - { - "name" : "82005", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82005" - }, - { - "name" : "49169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49169" - }, - { - "name" : "ubercartproductkeys-keys-security-bypass(75720)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261" + }, + { + "name": "http://drupal.org/node/1585532", + "refsource": "MISC", + "url": "http://drupal.org/node/1585532" + }, + { + "name": "ubercartproductkeys-keys-security-bypass(75720)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "49169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49169" + }, + { + "name": "82005", + "refsource": "OSVDB", + "url": "http://osvdb.org/82005" + }, + { + "name": "http://drupal.org/node/1580752", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1580752" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2833.json b/2012/2xxx/CVE-2012-2833.json index eaa536b85b7..ba78e6f4374 100644 --- a/2012/2xxx/CVE-2012-2833.json +++ b/2012/2xxx/CVE-2012-2833.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=132156", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=132156" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" - }, - { - "name" : "oval:org.mitre.oval:def:15584", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=132156", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=132156" + }, + { + "name": "oval:org.mitre.oval:def:15584", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15584" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3503.json b/2012/3xxx/CVE-2012-3503.json index 64945f6dd6f..485fde1d9f4 100644 --- a/2012/3xxx/CVE-2012-3503.json +++ b/2012/3xxx/CVE-2012-3503.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3", - "refsource" : "CONFIRM", - "url" : "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3" - }, - { - "name" : "https://github.com/Katello/katello/pull/499", - "refsource" : "CONFIRM", - "url" : "https://github.com/Katello/katello/pull/499" - }, - { - "name" : "RHSA-2012:1186", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1186.html" - }, - { - "name" : "RHSA-2012:1187", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1187.html" - }, - { - "name" : "55140", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55140" - }, - { - "name" : "50344", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50344" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50344", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50344" + }, + { + "name": "RHSA-2012:1187", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1187.html" + }, + { + "name": "55140", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55140" + }, + { + "name": "https://github.com/Katello/katello/pull/499", + "refsource": "CONFIRM", + "url": "https://github.com/Katello/katello/pull/499" + }, + { + "name": "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3", + "refsource": "CONFIRM", + "url": "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3" + }, + { + "name": "RHSA-2012:1186", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1186.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3550.json b/2012/3xxx/CVE-2012-3550.json index c716d3bf593..72f3c32949b 100644 --- a/2012/3xxx/CVE-2012-3550.json +++ b/2012/3xxx/CVE-2012-3550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3550", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3467. Reason: This candidate is a reservation duplicate of CVE-2012-3467. Notes: All CVE users should reference CVE-2012-3467 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-3550", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3467. Reason: This candidate is a reservation duplicate of CVE-2012-3467. Notes: All CVE users should reference CVE-2012-3467 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3648.json b/2012/3xxx/CVE-2012-3648.json index 16177cbebf9..d522c8b2ec2 100644 --- a/2012/3xxx/CVE-2012-3648.json +++ b/2012/3xxx/CVE-2012-3648.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85402", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85402" - }, - { - "name" : "oval:org.mitre.oval:def:17246", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17246" - }, - { - "name" : "apple-itunes-webkit-cve20123648(78555)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "apple-itunes-webkit-cve20123648(78555)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78555" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "oval:org.mitre.oval:def:17246", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17246" + }, + { + "name": "85402", + "refsource": "OSVDB", + "url": "http://osvdb.org/85402" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3772.json b/2012/3xxx/CVE-2012-3772.json index c25584e74e1..87a9ace161e 100644 --- a/2012/3xxx/CVE-2012-3772.json +++ b/2012/3xxx/CVE-2012-3772.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3772", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3772", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4709.json b/2012/4xxx/CVE-2012-4709.json index 15789d490a3..9c0e08002c6 100644 --- a/2012/4xxx/CVE-2012-4709.json +++ b/2012/4xxx/CVE-2012-4709.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-4709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4817.json b/2012/4xxx/CVE-2012-4817.json index 2b7275c327a..5ed02e12861 100644 --- a/2012/4xxx/CVE-2012-4817.json +++ b/2012/4xxx/CVE-2012-4817.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4817", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4817", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc" - }, - { - "name" : "IV10327", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV10327" - }, - { - "name" : "IV11629", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV11629" - }, - { - "name" : "IV12169", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV12169" - }, - { - "name" : "IV17855", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV17855" - }, - { - "name" : "IV26436", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV26436" - }, - { - "name" : "55546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55546" - }, - { - "name" : "85427", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85427" - }, - { - "name" : "1027531", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027531" - }, - { - "name" : "50619", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50619" - }, - { - "name" : "aix-nfsv4-gid-dos(78431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027531", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027531" + }, + { + "name": "IV12169", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV12169" + }, + { + "name": "85427", + "refsource": "OSVDB", + "url": "http://osvdb.org/85427" + }, + { + "name": "50619", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50619" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc" + }, + { + "name": "IV17855", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV17855" + }, + { + "name": "IV10327", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV10327" + }, + { + "name": "IV26436", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV26436" + }, + { + "name": "55546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55546" + }, + { + "name": "IV11629", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV11629" + }, + { + "name": "aix-nfsv4-gid-dos(78431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78431" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4915.json b/2012/4xxx/CVE-2012-4915.json index 36a3cacebd9..c063463e831 100644 --- a/2012/4xxx/CVE-2012-4915.json +++ b/2012/4xxx/CVE-2012-4915.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4915", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-4915", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57133", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57133" - }, - { - "name" : "88891", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/88891" - }, - { - "name" : "50832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50832" - }, - { - "name" : "googledocembedder-pdf-file-disclosure(80930)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80930" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57133", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57133" + }, + { + "name": "googledocembedder-pdf-file-disclosure(80930)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80930" + }, + { + "name": "88891", + "refsource": "OSVDB", + "url": "http://osvdb.org/88891" + }, + { + "name": "50832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50832" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4918.json b/2012/4xxx/CVE-2012-4918.json index 1a91bb5d796..b0a9347bd33 100644 --- a/2012/4xxx/CVE-2012-4918.json +++ b/2012/4xxx/CVE-2012-4918.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-4918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57225", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57225" - }, - { - "name" : "89070", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/89070" - }, - { - "name" : "51366", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51366" - }, - { - "name" : "callofduty-ssl-spoofing(81116)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57225", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57225" + }, + { + "name": "89070", + "refsource": "OSVDB", + "url": "http://osvdb.org/89070" + }, + { + "name": "51366", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51366" + }, + { + "name": "callofduty-ssl-spoofing(81116)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81116" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6316.json b/2012/6xxx/CVE-2012-6316.json index f453959c149..7512abea373 100644 --- a/2012/6xxx/CVE-2012-6316.json +++ b/2012/6xxx/CVE-2012-6316.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6316", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6316", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121207 TP-LINK TL-WR841N XSS (Cross Site Scripting)", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Dec/93" - }, - { - "name" : "56602", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56602" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56602", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56602" + }, + { + "name": "20121207 TP-LINK TL-WR841N XSS (Cross Site Scripting)", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Dec/93" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6646.json b/2012/6xxx/CVE-2012-6646.json index c0e0cd5ea2d..31a3b992eb2 100644 --- a/2012/6xxx/CVE-2012-6646.json +++ b/2012/6xxx/CVE-2012-6646.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6646", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6646", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.f-secure.com/en/web/labs_global/fsc-2012-2", - "refsource" : "CONFIRM", - "url" : "http://www.f-secure.com/en/web/labs_global/fsc-2012-2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.f-secure.com/en/web/labs_global/fsc-2012-2", + "refsource": "CONFIRM", + "url": "http://www.f-secure.com/en/web/labs_global/fsc-2012-2" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6709.json b/2012/6xxx/CVE-2012-6709.json index ad7a8e7b7c5..88853b7ad03 100644 --- a/2012/6xxx/CVE-2012-6709.json +++ b/2012/6xxx/CVE-2012-6709.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=881399", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=881399" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=881399", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=881399" + }, + { + "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658", + "refsource": "MISC", + "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5255.json b/2015/5xxx/CVE-2015-5255.json index ea7624408b1..40ddb6897ba 100644 --- a/2015/5xxx/CVE-2015-5255.json +++ b/2015/5xxx/CVE-2015-5255.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5255", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2015-5255", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/536958/100/0/threaded" - }, - { - "name" : "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" - }, - { - "name" : "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" - }, - { - "name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670", - "refsource" : "CONFIRM", - "url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2015-0008.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" - }, - { - "name" : "HPSBST03568", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=145996963420108&w=2" - }, - { - "name" : "77626", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/77626" - }, - { - "name" : "1034210", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1034210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBST03568", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=145996963420108&w=2" + }, + { + "name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html" + }, + { + "name": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html" + }, + { + "name": "1034210", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1034210" + }, + { + "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670", + "refsource": "CONFIRM", + "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html" + }, + { + "name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html" + }, + { + "name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded" + }, + { + "name": "77626", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/77626" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5727.json b/2015/5xxx/CVE-2015-5727.json index 98b34ad68fe..5aa585631e9 100644 --- a/2015/5xxx/CVE-2015-5727.json +++ b/2015/5xxx/CVE-2015-5727.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5727", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2015-5727", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://botan.randombit.net/security.html", - "refsource" : "CONFIRM", - "url" : "http://botan.randombit.net/security.html" - }, - { - "name" : "DSA-3565", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2016/dsa-3565" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3565", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2016/dsa-3565" + }, + { + "name": "http://botan.randombit.net/security.html", + "refsource": "CONFIRM", + "url": "http://botan.randombit.net/security.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5854.json b/2015/5xxx/CVE-2015-5854.json index 9b018a639c7..4876f33e760 100644 --- a/2015/5xxx/CVE-2015-5854.json +++ b/2015/5xxx/CVE-2015-5854.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5854", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5854", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205267", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205267" - }, - { - "name" : "APPLE-SA-2015-09-30-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" - }, - { - "name" : "76908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/76908" - }, - { - "name" : "1033703", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033703" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033703", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033703" + }, + { + "name": "APPLE-SA-2015-09-30-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" + }, + { + "name": "https://support.apple.com/HT205267", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205267" + }, + { + "name": "76908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/76908" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2113.json b/2017/2xxx/CVE-2017-2113.json index ff58dba2c25..bd3ecc28193 100644 --- a/2017/2xxx/CVE-2017-2113.json +++ b/2017/2xxx/CVE-2017-2113.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2113", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TS-WPTCAM", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WPTCAM2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.00" - } - ] - } - }, - { - "product_name" : "TS-WLCE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WLC2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WRLC", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.17 and earlier" - } - ] - } - }, - { - "product_name" : "TS-PTCAM/POE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "I-O DATA DEVICE, INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2113", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TS-WPTCAM", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WPTCAM2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.00" + } + ] + } + }, + { + "product_name": "TS-WLCE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WLC2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WRLC", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.17 and earlier" + } + ] + } + }, + { + "product_name": "TS-PTCAM/POE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "I-O DATA DEVICE, INC." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iodata.jp/support/information/2017/camera201702/", - "refsource" : "MISC", - "url" : "http://www.iodata.jp/support/information/2017/camera201702/" - }, - { - "name" : "JVN#46830433", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN46830433/index.html" - }, - { - "name" : "96620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#46830433", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN46830433/index.html" + }, + { + "name": "96620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96620" + }, + { + "name": "http://www.iodata.jp/support/information/2017/camera201702/", + "refsource": "MISC", + "url": "http://www.iodata.jp/support/information/2017/camera201702/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2489.json b/2017/2xxx/CVE-2017-2489.json index 42fba16bd1d..1e8770a0e43 100644 --- a/2017/2xxx/CVE-2017-2489.json +++ b/2017/2xxx/CVE-2017-2489.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41798", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41798/" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "97300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97300" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "41798", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41798/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2592.json b/2017/2xxx/CVE-2017-2592.json index faf93b574bf..9f6f3eb07b5 100644 --- a/2017/2xxx/CVE-2017-2592.json +++ b/2017/2xxx/CVE-2017-2592.json @@ -1,133 +1,133 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2592", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "python-oslo-middleware", - "version" : { - "version_data" : [ - { - "version_value" : "python-oslo-middleware 3.8.1" - }, - { - "version_value" : " python-oslo-middleware 3.19.1" - }, - { - "version_value" : " python-oslo-middleware 3.23.1" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens)." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-532" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2592", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "python-oslo-middleware", + "version": { + "version_data": [ + { + "version_value": "python-oslo-middleware 3.8.1" + }, + { + "version_value": " python-oslo-middleware 3.19.1" + }, + { + "version_value": " python-oslo-middleware 3.23.1" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031", - "refsource" : "MISC", - "url" : "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031" - }, - { - "name" : "https://review.openstack.org/#/c/425730/", - "refsource" : "MISC", - "url" : "https://review.openstack.org/#/c/425730/" - }, - { - "name" : "https://review.openstack.org/#/c/425732/", - "refsource" : "MISC", - "url" : "https://review.openstack.org/#/c/425732/" - }, - { - "name" : "https://review.openstack.org/#/c/425734/", - "refsource" : "MISC", - "url" : "https://review.openstack.org/#/c/425734/" - }, - { - "name" : "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html", - "refsource" : "CONFIRM", - "url" : "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html" - }, - { - "name" : "https://access.redhat.com/errata/RHSA-2017:0300", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/errata/RHSA-2017:0300" - }, - { - "name" : "https://access.redhat.com/errata/RHSA-2017:0435", - "refsource" : "CONFIRM", - "url" : "https://access.redhat.com/errata/RHSA-2017:0435" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592" - }, - { - "name" : "RHSA-2017:0300", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0300.html" - }, - { - "name" : "RHSA-2017:0435", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0435.html" - }, - { - "name" : "USN-3666-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3666-1/" - }, - { - "name" : "95827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens)." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-532" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://review.openstack.org/#/c/425732/", + "refsource": "MISC", + "url": "https://review.openstack.org/#/c/425732/" + }, + { + "name": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html", + "refsource": "CONFIRM", + "url": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html" + }, + { + "name": "RHSA-2017:0300", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0300.html" + }, + { + "name": "https://access.redhat.com/errata/RHSA-2017:0300", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/errata/RHSA-2017:0300" + }, + { + "name": "RHSA-2017:0435", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0435.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592" + }, + { + "name": "95827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95827" + }, + { + "name": "https://review.openstack.org/#/c/425730/", + "refsource": "MISC", + "url": "https://review.openstack.org/#/c/425730/" + }, + { + "name": "https://review.openstack.org/#/c/425734/", + "refsource": "MISC", + "url": "https://review.openstack.org/#/c/425734/" + }, + { + "name": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031", + "refsource": "MISC", + "url": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031" + }, + { + "name": "https://access.redhat.com/errata/RHSA-2017:0435", + "refsource": "CONFIRM", + "url": "https://access.redhat.com/errata/RHSA-2017:0435" + }, + { + "name": "USN-3666-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3666-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2656.json b/2017/2xxx/CVE-2017-2656.json index 74956571aed..f74268a1d6a 100644 --- a/2017/2xxx/CVE-2017-2656.json +++ b/2017/2xxx/CVE-2017-2656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2656", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6320. Reason: This candidate is a reservation duplicate of CVE-2016-6320. Notes: All CVE users should reference CVE-2016-6320 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2656", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6320. Reason: This candidate is a reservation duplicate of CVE-2016-6320. Notes: All CVE users should reference CVE-2016-6320 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2909.json b/2017/2xxx/CVE-2017-2909.json index 8a325e80bec..f4b7aed0a33 100644 --- a/2017/2xxx/CVE-2017-2909.json +++ b/2017/2xxx/CVE-2017-2909.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-10-31T00:00:00", - "ID" : "CVE-2017-2909", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Mongoose", - "version" : { - "version_data" : [ - { - "version_value" : "6.8" - } - ] - } - } - ] - }, - "vendor_name" : "Cesanta" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-10-31T00:00:00", + "ID": "CVE-2017-2909", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Mongoose", + "version": { + "version_data": [ + { + "version_value": "6.8" + } + ] + } + } + ] + }, + "vendor_name": "Cesanta" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11345.json b/2018/11xxx/CVE-2018-11345.json index af52fa9a750..6adf8c18804 100644 --- a/2018/11xxx/CVE-2018-11345.json +++ b/2018/11xxx/CVE-2018-11345.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/2" - }, - { - "name" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation", - "refsource" : "MISC", - "url" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation" - }, - { - "name" : "https://github.com/mefulton/asustorexploit", - "refsource" : "MISC", - "url" : "https://github.com/mefulton/asustorexploit" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation", + "refsource": "MISC", + "url": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation" + }, + { + "name": "https://github.com/mefulton/asustorexploit", + "refsource": "MISC", + "url": "https://github.com/mefulton/asustorexploit" + }, + { + "name": "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/2" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11470.json b/2018/11xxx/CVE-2018-11470.json index 39439a1de4c..84dddf80db0 100644 --- a/2018/11xxx/CVE-2018-11470.json +++ b/2018/11xxx/CVE-2018-11470.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "iScripts eSwap v2.4 has SQL injection via the \"search.php\" 'Told' parameter in the User Panel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md", - "refsource" : "MISC", - "url" : "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "iScripts eSwap v2.4 has SQL injection via the \"search.php\" 'Told' parameter in the User Panel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md", + "refsource": "MISC", + "url": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11700.json b/2018/11xxx/CVE-2018-11700.json index 3dbdb08dce5..35f6c0da93e 100644 --- a/2018/11xxx/CVE-2018-11700.json +++ b/2018/11xxx/CVE-2018-11700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11858.json b/2018/11xxx/CVE-2018-11858.json index 222d3168f8d..19266f3f009 100644 --- a/2018/11xxx/CVE-2018-11858.json +++ b/2018/11xxx/CVE-2018-11858.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11858", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Mobile", - "version" : { - "version_data" : [ - { - "version_value" : "SD 835, SD 845, SD 850" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Possible buffer overwrite in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11858", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Mobile", + "version": { + "version_data": [ + { + "version_value": "SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Possible buffer overwrite in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14229.json b/2018/14xxx/CVE-2018-14229.json index 8d901c39f17..8ec2d7a22f0 100644 --- a/2018/14xxx/CVE-2018-14229.json +++ b/2018/14xxx/CVE-2018-14229.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14229", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14229", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14770.json b/2018/14xxx/CVE-2018-14770.json index 6d977f10ab4..afad8d19751 100644 --- a/2018/14xxx/CVE-2018-14770.json +++ b/2018/14xxx/CVE-2018-14770.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vivotek.com/website/support/cybersecurity/", - "refsource" : "MISC", - "url" : "https://www.vivotek.com/website/support/cybersecurity/" - }, - { - "name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", - "refsource" : "CONFIRM", - "url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vivotek.com/website/support/cybersecurity/", + "refsource": "MISC", + "url": "https://www.vivotek.com/website/support/cybersecurity/" + }, + { + "name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", + "refsource": "CONFIRM", + "url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14923.json b/2018/14xxx/CVE-2018-14923.json index b697932e09a..8758b8b18a1 100644 --- a/2018/14xxx/CVE-2018-14923.json +++ b/2018/14xxx/CVE-2018-14923.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cnvd.org.cn/flaw/show/1325763", - "refsource" : "MISC", - "url" : "http://www.cnvd.org.cn/flaw/show/1325763" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cnvd.org.cn/flaw/show/1325763", + "refsource": "MISC", + "url": "http://www.cnvd.org.cn/flaw/show/1325763" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15169.json b/2018/15xxx/CVE-2018-15169.json index c18ca721b71..76f3bd4d584 100644 --- a/2018/15xxx/CVE-2018-15169.json +++ b/2018/15xxx/CVE-2018-15169.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15169", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15169", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/x-f1v3/ForCve/issues/3", - "refsource" : "MISC", - "url" : "https://github.com/x-f1v3/ForCve/issues/3" - }, - { - "name" : "https://www.manageengine.com/products/applications_manager/issues.html", - "refsource" : "MISC", - "url" : "https://www.manageengine.com/products/applications_manager/issues.html" - }, - { - "name" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/applications_manager/issues.html", + "refsource": "MISC", + "url": "https://www.manageengine.com/products/applications_manager/issues.html" + }, + { + "name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html" + }, + { + "name": "https://github.com/x-f1v3/ForCve/issues/3", + "refsource": "MISC", + "url": "https://github.com/x-f1v3/ForCve/issues/3" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15222.json b/2018/15xxx/CVE-2018-15222.json index a45485a7842..b643ac4f217 100644 --- a/2018/15xxx/CVE-2018-15222.json +++ b/2018/15xxx/CVE-2018-15222.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15222", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15222", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/8xxx/CVE-2018-8259.json b/2018/8xxx/CVE-2018-8259.json index 0361277b0d9..43725ecbf0c 100644 --- a/2018/8xxx/CVE-2018-8259.json +++ b/2018/8xxx/CVE-2018-8259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-8259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-8259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file