From db31104f56cb02d15dc59e40617899113ec2d2d2 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 01:29:42 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0495.json | 150 ++++++-------
2002/0xxx/CVE-2002-0747.json | 120 +++++------
2002/0xxx/CVE-2002-0777.json | 140 ++++++-------
2002/2xxx/CVE-2002-2409.json | 140 ++++++-------
2005/0xxx/CVE-2005-0541.json | 150 ++++++-------
2005/0xxx/CVE-2005-0894.json | 140 ++++++-------
2005/0xxx/CVE-2005-0984.json | 150 ++++++-------
2005/1xxx/CVE-2005-1391.json | 240 ++++++++++-----------
2005/1xxx/CVE-2005-1686.json | 190 ++++++++---------
2009/0xxx/CVE-2009-0573.json | 140 ++++++-------
2009/0xxx/CVE-2009-0734.json | 150 ++++++-------
2009/1xxx/CVE-2009-1009.json | 180 ++++++++--------
2009/1xxx/CVE-2009-1116.json | 34 +--
2009/1xxx/CVE-2009-1142.json | 34 +--
2009/1xxx/CVE-2009-1312.json | 370 ++++++++++++++++-----------------
2009/1xxx/CVE-2009-1319.json | 140 ++++++-------
2009/1xxx/CVE-2009-1445.json | 150 ++++++-------
2009/1xxx/CVE-2009-1485.json | 140 ++++++-------
2009/1xxx/CVE-2009-1599.json | 130 ++++++------
2009/5xxx/CVE-2009-5104.json | 34 +--
2012/2xxx/CVE-2012-2230.json | 140 ++++++-------
2012/2xxx/CVE-2012-2430.json | 34 +--
2012/2xxx/CVE-2012-2623.json | 34 +--
2012/2xxx/CVE-2012-2865.json | 160 +++++++-------
2012/3xxx/CVE-2012-3443.json | 170 +++++++--------
2012/3xxx/CVE-2012-3604.json | 170 +++++++--------
2012/3xxx/CVE-2012-3634.json | 170 +++++++--------
2012/3xxx/CVE-2012-3709.json | 190 ++++++++---------
2012/3xxx/CVE-2012-3799.json | 190 ++++++++---------
2012/4xxx/CVE-2012-4040.json | 34 +--
2012/6xxx/CVE-2012-6437.json | 120 +++++------
2012/6xxx/CVE-2012-6581.json | 120 +++++------
2012/6xxx/CVE-2012-6612.json | 150 ++++++-------
2015/5xxx/CVE-2015-5910.json | 140 ++++++-------
2017/2xxx/CVE-2017-2156.json | 140 ++++++-------
2017/2xxx/CVE-2017-2221.json | 120 +++++------
2017/2xxx/CVE-2017-2473.json | 180 ++++++++--------
2017/2xxx/CVE-2017-2616.json | 210 +++++++++----------
2017/6xxx/CVE-2017-6623.json | 130 ++++++------
2017/6xxx/CVE-2017-6878.json | 140 ++++++-------
2018/11xxx/CVE-2018-11116.json | 120 +++++------
2018/11xxx/CVE-2018-11463.json | 154 +++++++-------
2018/11xxx/CVE-2018-11472.json | 130 ++++++------
2018/14xxx/CVE-2018-14113.json | 34 +--
2018/14xxx/CVE-2018-14283.json | 130 ++++++------
2018/14xxx/CVE-2018-14771.json | 130 ++++++------
2018/14xxx/CVE-2018-14951.json | 140 ++++++-------
2018/15xxx/CVE-2018-15141.json | 140 ++++++-------
2018/15xxx/CVE-2018-15292.json | 34 +--
2018/15xxx/CVE-2018-15661.json | 120 +++++------
2018/15xxx/CVE-2018-15688.json | 252 +++++++++++-----------
2018/15xxx/CVE-2018-15983.json | 130 ++++++------
2018/20xxx/CVE-2018-20253.json | 130 ++++++------
2018/8xxx/CVE-2018-8118.json | 242 ++++++++++-----------
2018/8xxx/CVE-2018-8416.json | 150 ++++++-------
2018/8xxx/CVE-2018-8810.json | 120 +++++------
56 files changed, 3910 insertions(+), 3910 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0495.json b/2002/0xxx/CVE-2002-0495.json
index 70b70c98a88..34f15f339ef 100644
--- a/2002/0xxx/CVE-2002-0495.json
+++ b/2002/0xxx/CVE-2002-0495.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/264169" - }, - { - "name" : "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7", - "refsource" : "MISC", - "url" : "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7" - }, - { - "name" : "4368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4368" - }, - { - "name" : "cssearch-url-execute-commands(8636)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8636.php" - } - ] - } -} + } + }, + 
"data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4368" + }, + { + "name": "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7", + "refsource": "MISC", + "url": "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7" + }, + { + "name": "cssearch-url-execute-commands(8636)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8636.php" + }, + { + "name": "20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/264169" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0747.json b/2002/0xxx/CVE-2002-0747.json index f50ac07931b..d4b2d2cd77c 100644 --- a/2002/0xxx/CVE-2002-0747.json +++ b/2002/0xxx/CVE-2002-0747.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0747", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in lsmcode in AIX 4.3.3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0747", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY29589", - "refsource" : "AIXAPAR", - "url" : "http://archives.neohapsis.com/archives/aix/2002-q2/0005.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in lsmcode in AIX 4.3.3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY29589", + "refsource": "AIXAPAR", + "url": "http://archives.neohapsis.com/archives/aix/2002-q2/0005.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0777.json b/2002/0xxx/CVE-2002-0777.json index c0c56b27e08..6f9c7747b6d 100644 --- a/2002/0xxx/CVE-2002-0777.json +++ b/2002/0xxx/CVE-2002-0777.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0777", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0777", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" - }, - { - "name" : "imail-ldap-bo(9116)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9116.php" - }, - { - "name" : "4780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4780" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imail-ldap-bo(9116)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9116.php" + }, + { + "name": "4780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4780" + }, + { + "name": "20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2409.json b/2002/2xxx/CVE-2002-2409.json index d35a095cc37..1d0d04a1363 100644 --- a/2002/2xxx/CVE-2002-2409.json +++ b/2002/2xxx/CVE-2002-2409.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021119 Clipboard in QNX Photon", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html" - }, - { - "name" : "6207", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6207" - }, - { - "name" : "qnx-photon-view-clipboard(10658)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10658.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct 
request to the 1.TEXT file in a directory whose name is a hex-encoded user ID." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "qnx-photon-view-clipboard(10658)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10658.php" + }, + { + "name": "6207", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6207" + }, + { + "name": "20021119 Clipboard in QNX Photon", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0541.json b/2005/0xxx/CVE-2005-0541.json index e9c5012e7e4..5dab57d1bb0 100644 --- a/2005/0xxx/CVE-2005-0541.json +++ b/2005/0xxx/CVE-2005-0541.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050224 Cyclades AlterPath Manager Vulnerabilities", - "refsource" : "FULLDISC", - "url" : "http://marc.info/?l=full-disclosure&m=110924450827137&w=2" - }, - { - "name" : "http://www.cirt.net/advisories/alterpath_console.shtml", - "refsource" : "MISC", - "url" : "http://www.cirt.net/advisories/alterpath_console.shtml" - }, - { - "name" : "14075", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/14075" - }, - { - "name" : "14378", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14378" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console 
Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "14378", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14378" + }, + { + "name": "20050224 Cyclades AlterPath Manager Vulnerabilities", + "refsource": "FULLDISC", + "url": "http://marc.info/?l=full-disclosure&m=110924450827137&w=2" + }, + { + "name": "http://www.cirt.net/advisories/alterpath_console.shtml", + "refsource": "MISC", + "url": "http://www.cirt.net/advisories/alterpath_console.shtml" + }, + { + "name": "14075", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/14075" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0894.json b/2005/0xxx/CVE-2005-0894.json index 15fcb1a1543..fd15665d180 100644 --- a/2005/0xxx/CVE-2005-0894.json +++ b/2005/0xxx/CVE-2005-0894.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0894", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0894", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050325 RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111176899423078&w=2" - }, - { - "name" : "12902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12902" - }, - { - "name" : "14693", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14693" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files 
in the openmosixcollector directory or (2) nodes.tmp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12902" + }, + { + "name": "14693", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14693" + }, + { + "name": "20050325 RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111176899423078&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0984.json b/2005/0xxx/CVE-2005-0984.json index 9f2eacad588..e24e220c073 100644 --- a/2005/0xxx/CVE-2005-0984.json +++ b/2005/0xxx/CVE-2005-0984.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-0984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050402 In-game server buffer-overflow in Jedi Academy 1.011", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111246855213653&w=2" - }, - { - "name" : "http://aluigi.altervista.org/adv/jamsgbof-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/jamsgbof-adv.txt" - }, - { - "name" : "12977", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12977" - }, - { - "name" : "14809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the 
G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "12977", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12977" + }, + { + "name": "14809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14809" + }, + { + "name": "http://aluigi.altervista.org/adv/jamsgbof-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/jamsgbof-adv.txt" + }, + { + "name": "20050402 In-game server buffer-overflow in Jedi Academy 1.011", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111246855213653&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1391.json b/2005/1xxx/CVE-2005-1391.json index 557aa8a8389..88b21c299c9 100644 --- a/2005/1xxx/CVE-2005-1391.json +++ b/2005/1xxx/CVE-2005-1391.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header", - "refsource" : "MLIST", - "url" : "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852" - }, - { - "name" : "DSA-934", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-934" - }, - { - "name" : "GLSA-200504-29", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200504-29.xml" - }, - { - "name" : "13436", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13436" - }, - { - "name" : "ADV-2005-0437", - "refsource" : 
"VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0437" - }, - { - "name" : "15963", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15963" - }, - { - "name" : "1013824", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013824" - }, - { - "name" : "15142", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15142" - }, - { - "name" : "15202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15202" - }, - { - "name" : "15679", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15679" - }, - { - "name" : "18381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18381" - }, - { - "name" : "pound-addport-bo(20316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-934", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-934" + }, + { + "name": "1013824", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013824" + }, + { + "name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header", + "refsource": "MLIST", + "url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852" + }, + { + "name": "15963", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15963" + }, + { + "name": "15202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15202" + }, + { + "name": "GLSA-200504-29", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200504-29.xml" + }, + { + "name": "ADV-2005-0437", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0437" + }, + { + "name": "15679", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15679" + }, + { + "name": "pound-addport-bo(20316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316" + }, + { + "name": "13436", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13436" + }, + { + "name": "18381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18381" + }, + { + "name": "15142", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15142" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1686.json b/2005/1xxx/CVE-2005-1686.json index cb5a878fffc..7cfcb5789b9 100644 --- a/2005/1xxx/CVE-2005-1686.json +++ b/2005/1xxx/CVE-2005-1686.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1686", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1686", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050520 pst.advisory: gedit fun. 
opensource is god .lol windows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111661117701398&w=2" - }, - { - "name" : "DSA-753", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2005/dsa-753" - }, - { - "name" : "GLSA-200506-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200506-09.xml" - }, - { - "name" : "RHSA-2005:499", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-499.html" - }, - { - "name" : "SUSE-SA:2005:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" - }, - { - "name" : "USN-138-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/138-1/" - }, - { - "name" : "oval:org.mitre.oval:def:1245", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245" - }, - { - "name" : "oval:org.mitre.oval:def:9845", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:499", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-499.html" + }, + { + "name": "DSA-753", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2005/dsa-753" + }, + { + "name": "USN-138-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/138-1/" + }, + { + "name": "oval:org.mitre.oval:def:9845", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845" + }, + { + "name": "20050520 pst.advisory: gedit fun. opensource is god .lol windows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111661117701398&w=2" + }, + { + "name": "oval:org.mitre.oval:def:1245", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245" + }, + { + "name": "GLSA-200506-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200506-09.xml" + }, + { + "name": "SUSE-SA:2005:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/0xxx/CVE-2009-0573.json b/2009/0xxx/CVE-2009-0573.json index c8b7c745dc1..46b97c96a7a 100644 --- a/2009/0xxx/CVE-2009-0573.json +++ b/2009/0xxx/CVE-2009-0573.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-0573",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-0573",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf",
- "refsource" : "MISC",
- "url" : "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf"
- },
- {
- "name" : "33677",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/33677"
- },
- {
- "name" : "33879",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/33879"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "33677",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/33677"
+ },
+ {
+ "name": "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf",
+ "refsource": "MISC",
+ "url": "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf"
+ },
+ {
+ "name": "33879",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/33879"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/0xxx/CVE-2009-0734.json b/2009/0xxx/CVE-2009-0734.json
index 88931a638ef..c142652a01f 100644
--- a/2009/0xxx/CVE-2009-0734.json
+++ b/2009/0xxx/CVE-2009-0734.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-0734",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-0734",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20090203 Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/500627/100/0/threaded"
- },
- {
- "name" : "51739",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/51739"
- },
- {
- "name" : "33796",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/33796"
- },
- {
- "name" : "ADV-2009-0318",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/0318"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "33796",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/33796"
+ },
+ {
+ "name": "20090203 Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/500627/100/0/threaded"
+ },
+ {
+ "name": "51739",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/51739"
+ },
+ {
+ "name": "ADV-2009-0318",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/0318"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1009.json b/2009/1xxx/CVE-2009-1009.json
index e052b959810..31b6b09dfa9 100644
--- a/2009/1xxx/CVE-2009-1009.json
+++ b/2009/1xxx/CVE-2009-1009.json
@@ -1,92 +1,92 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1009",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert_us@oracle.com",
+ "ID": "CVE-2009-1009",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
- },
- {
- "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
- "refsource" : "CONFIRM",
- "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
- },
- {
- "name" : "TA09-105A",
- "refsource" : "CERT",
- "url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
- },
- {
- "name" : "34461",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/34461"
- },
- {
- "name" : "53748",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/53748"
- },
- {
- "name" : "1022055",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1022055"
- },
- {
- "name" : "34693",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34693"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "1022055",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1022055"
+ },
+ {
+ "name": "34461",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/34461"
+ },
+ {
+ "name": "53748",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/53748"
+ },
+ {
+ "name": "34693",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34693"
+ },
+ {
+ "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
+ "refsource": "CONFIRM",
+ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
+ },
+ {
+ "name": "TA09-105A",
+ "refsource": "CERT",
+ "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
+ },
+ {
+ "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1116.json b/2009/1xxx/CVE-2009-1116.json
index 0d84eee180f..9aed6f71119 100644
--- a/2009/1xxx/CVE-2009-1116.json
+++ b/2009/1xxx/CVE-2009-1116.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1116",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1116",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1142.json b/2009/1xxx/CVE-2009-1142.json
index 94b4fa1d02a..a275252ffb7 100644
--- a/2009/1xxx/CVE-2009-1142.json
+++ b/2009/1xxx/CVE-2009-1142.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1142",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1142",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1312.json b/2009/1xxx/CVE-2009-1312.json
index 2b3892aedba..a86a1a9ef2e 100644
--- a/2009/1xxx/CVE-2009-1312.json
+++ b/2009/1xxx/CVE-2009-1312.json
@@ -1,187 +1,187 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1312",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secalert@redhat.com",
+ "ID": "CVE-2009-1312",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/504718/100/0/threaded"
- },
- {
- "name" : "20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/504723/100/0/threaded"
- },
- {
- "name" : "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/",
- "refsource" : "MISC",
- "url" : "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/"
- },
- {
- "name" : "http://websecurity.com.ua/3275/",
- "refsource" : "MISC",
- "url" : "http://websecurity.com.ua/3275/"
- },
- {
- "name" : "http://websecurity.com.ua/3386/",
- "refsource" : "MISC",
- "url" : "http://websecurity.com.ua/3386/"
- },
- {
- "name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html",
- "refsource" : "CONFIRM",
- "url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html"
- },
- {
- "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475636",
- "refsource" : "CONFIRM",
- "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475636"
- },
- {
- "name" : "FEDORA-2009-3875",
- "refsource" : "FEDORA",
- "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
- },
- {
- "name" : "MDVSA-2009:111",
- "refsource" : "MANDRIVA",
- "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
- },
- {
- "name" : "RHSA-2009:0436",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
- },
- {
- "name" : "RHSA-2009:0437",
- "refsource" : "REDHAT",
- "url" : "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
- },
- {
- "name" : "264308",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
- },
- {
- "name" : "SUSE-SR:2009:010",
- "refsource" : "SUSE",
- "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
- },
- {
- "name" : "USN-764-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/764-1/"
- },
- {
- "name" : "34656",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/34656"
- },
- {
- "name" : "oval:org.mitre.oval:def:6064",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6064"
- },
- {
- "name" : "oval:org.mitre.oval:def:6131",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6131"
- },
- {
- "name" : "oval:org.mitre.oval:def:6731",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6731"
- },
- {
- "name" : "oval:org.mitre.oval:def:9818",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9818"
- },
- {
- "name" : "1022096",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1022096"
- },
- {
- "name" : "34758",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34758"
- },
- {
- "name" : "34894",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34894"
- },
- {
- "name" : "34843",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34843"
- },
- {
- "name" : "34844",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34844"
- },
- {
- "name" : "35065",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/35065"
- },
- {
- "name" : "ADV-2009-1125",
- "refsource" : "VUPEN",
- "url" : "http://www.vupen.com/english/advisories/2009/1125"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "MDVSA-2009:111",
+ "refsource": "MANDRIVA",
+ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
+ },
+ {
+ "name": "FEDORA-2009-3875",
+ "refsource": "FEDORA",
+ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
+ },
+ {
+ "name": "34894",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34894"
+ },
+ {
+ "name": "ADV-2009-1125",
+ "refsource": "VUPEN",
+ "url": "http://www.vupen.com/english/advisories/2009/1125"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:9818",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9818"
+ },
+ {
+ "name": "34758",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34758"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:6131",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6131"
+ },
+ {
+ "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html",
+ "refsource": "CONFIRM",
+ "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html"
+ },
+ {
+ "name": "http://websecurity.com.ua/3386/",
+ "refsource": "MISC",
+ "url": "http://websecurity.com.ua/3386/"
+ },
+ {
+ "name": "1022096",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1022096"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:6064",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6064"
+ },
+ {
+ "name": "34844",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34844"
+ },
+ {
+ "name": "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/",
+ "refsource": "MISC",
+ "url": "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/"
+ },
+ {
+ "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=475636",
+ "refsource": "CONFIRM",
+ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475636"
+ },
+ {
+ "name": "http://websecurity.com.ua/3275/",
+ "refsource": "MISC",
+ "url": "http://websecurity.com.ua/3275/"
+ },
+ {
+ "name": "35065",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/35065"
+ },
+ {
+ "name": "20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/504723/100/0/threaded"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:6731",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6731"
+ },
+ {
+ "name": "USN-764-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/764-1/"
+ },
+ {
+ "name": "SUSE-SR:2009:010",
+ "refsource": "SUSE",
+ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
+ },
+ {
+ "name": "34656",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/34656"
+ },
+ {
+ "name": "20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/504718/100/0/threaded"
+ },
+ {
+ "name": "34843",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34843"
+ },
+ {
+ "name": "RHSA-2009:0437",
+ "refsource": "REDHAT",
+ "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
+ },
+ {
+ "name": "RHSA-2009:0436",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
+ },
+ {
+ "name": "264308",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1319.json b/2009/1xxx/CVE-2009-1319.json
index 1c729aa1cb4..0b7fdba307c 100644
--- a/2009/1xxx/CVE-2009-1319.json
+++ b/2009/1xxx/CVE-2009-1319.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1319",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1319",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "8431",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/8431"
- },
- {
- "name" : "34519",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/34519"
- },
- {
- "name" : "34721",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34721"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "34519",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/34519"
+ },
+ {
+ "name": "34721",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34721"
+ },
+ {
+ "name": "8431",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/8431"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1445.json b/2009/1xxx/CVE-2009-1445.json
index cf03b524857..714814fb3ca 100644
--- a/2009/1xxx/CVE-2009-1445.json
+++ b/2009/1xxx/CVE-2009-1445.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1445",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1445",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "8516",
- "refsource" : "EXPLOIT-DB",
- "url" : "https://www.exploit-db.com/exploits/8516"
- },
- {
- "name" : "34687",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/34687"
- },
- {
- "name" : "54119",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/54119"
- },
- {
- "name" : "54120",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/54120"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "54120",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/54120"
+ },
+ {
+ "name": "54119",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/54119"
+ },
+ {
+ "name": "8516",
+ "refsource": "EXPLOIT-DB",
+ "url": "https://www.exploit-db.com/exploits/8516"
+ },
+ {
+ "name": "34687",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/34687"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1485.json b/2009/1xxx/CVE-2009-1485.json
index 7500f51e9a2..55906441457 100644
--- a/2009/1xxx/CVE-2009-1485.json
+++ b/2009/1xxx/CVE-2009-1485.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2009-1485",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2009-1485",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://sourceforge.net/project/shownotes.php?release_id=676726",
- "refsource" : "CONFIRM",
- "url" : "http://sourceforge.net/project/shownotes.php?release_id=676726"
- },
- {
- "name" : "34799",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/34799"
- },
- {
- "name" : "emuleplus-logging-dos(50081)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50081"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://sourceforge.net/project/shownotes.php?release_id=676726",
+ "refsource": "CONFIRM",
+ "url": "http://sourceforge.net/project/shownotes.php?release_id=676726"
+ },
+ {
+ "name": "emuleplus-logging-dos(50081)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50081"
+ },
+ {
+ "name": "34799",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/34799"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2009/1xxx/CVE-2009-1599.json b/2009/1xxx/CVE-2009-1599.json
index e22679dbfae..eb9e5382a81 100644
--- a/2009/1xxx/CVE-2009-1599.json
+++ b/2009/1xxx/CVE-2009-1599.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1599", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1599", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503183/100/0/threaded" - }, - { - "name" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf", - "refsource" : "MISC", - "url" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf", + "refsource": "MISC", + "url": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf" + }, + { + "name": "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503183/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5104.json b/2009/5xxx/CVE-2009-5104.json index 62abb048878..42351decafc 100644 --- a/2009/5xxx/CVE-2009-5104.json +++ b/2009/5xxx/CVE-2009-5104.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5104", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5104", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2230.json b/2012/2xxx/CVE-2012-2230.json index d5755b3fe7b..9276c8d4d90 100644 --- a/2012/2xxx/CVE-2012-2230.json +++ b/2012/2xxx/CVE-2012-2230.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin", - "refsource" : "CONFIRM", - "url" : "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin" - }, - { - "name" : "48776", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48776" - }, - { - "name" : "cloudera-taskcontroller-spoofing(74823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cloudera Manager 
3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cloudera-taskcontroller-spoofing(74823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74823" + }, + { + "name": "48776", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48776" + }, + { + "name": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin", + "refsource": "CONFIRM", + "url": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2430.json b/2012/2xxx/CVE-2012-2430.json index 12183cb2172..b0aad050e0e 100644 --- a/2012/2xxx/CVE-2012-2430.json +++ b/2012/2xxx/CVE-2012-2430.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2430", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2430", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2623.json b/2012/2xxx/CVE-2012-2623.json index a80a7c575f8..5c866858b28 100644 --- a/2012/2xxx/CVE-2012-2623.json +++ b/2012/2xxx/CVE-2012-2623.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2623", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2623", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2865.json b/2012/2xxx/CVE-2012-2865.json index 1ece327ac15..fe8fe89e86f 100644 --- a/2012/2xxx/CVE-2012-2865.json +++ b/2012/2xxx/CVE-2012-2865.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2865", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2865", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=121347", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=121347" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" - }, - { - "name" : "openSUSE-SU-2012:1215", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" - }, - { - "name" : "85030", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85030" - }, - { - "name" : "oval:org.mitre.oval:def:14866", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" + }, + { + "name": "85030", + "refsource": "OSVDB", + "url": "http://osvdb.org/85030" + }, + { + "name": "oval:org.mitre.oval:def:14866", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14866" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=121347", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=121347" + }, + { + "name": "openSUSE-SU-2012:1215", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3443.json b/2012/3xxx/CVE-2012-3443.json index 1c462fb1d3f..44c4d13ba16 100644 --- a/2012/3xxx/CVE-2012-3443.json +++ b/2012/3xxx/CVE-2012-3443.json 
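Review bot: The `ASSIGNER` of CVE-2012-2865 changes from `cve@mitre.org` to `security@google.com` in this hunk, but the commit subject says only "-Synchronized-Data." and the change is buried in a rewrite of every line (`" : "` to `": "`) plus a reshuffle of the same five `reference_data` entries. The same provenance change appears in the hunks for CVE-2012-3443 (`secalert@redhat.com`) and CVE-2012-3604, CVE-2012-3634 and CVE-2012-3709 (`product-security@apple.com`). If the sync kept the existing reference order and shipped the formatting change separately, each of these hunks would reduce to one reviewable line, `"ASSIGNER": "security@google.com",`. Anyone auditing who is recorded as owning a record would presumably need to compare the parsed JSON, because the text diff does not isolate the change. The new side also ends with `\ No newline at end of file`, so the trailing newline the old files had is dropped.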
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/31/1" - }, - { - "name" : "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/31/2" - }, - { - "name" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/", - "refsource" : "CONFIRM", - "url" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/" - }, - { - "name" : "DSA-2529", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2012/dsa-2529" - }, - { - "name" : "MDVSA-2012:143", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143" - }, - { - "name" : "USN-1560-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1560-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/31/1" + }, + { + "name": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/", + "refsource": "CONFIRM", + "url": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/" + }, + { + "name": "MDVSA-2012:143", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143" + }, + { + "name": "USN-1560-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1560-1" + }, + { + "name": "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/31/2" + }, + { + "name": "DSA-2529", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2529" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/3xxx/CVE-2012-3604.json b/2012/3xxx/CVE-2012-3604.json index 261222deef6..f34c291cb91 100644 --- a/2012/3xxx/CVE-2012-3604.json +++ b/2012/3xxx/CVE-2012-3604.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3604", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3604", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3634.json b/2012/3xxx/CVE-2012-3634.json index 351702afc47..cacc6d62f0d 100644 --- a/2012/3xxx/CVE-2012-3634.json +++ b/2012/3xxx/CVE-2012-3634.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3709.json b/2012/3xxx/CVE-2012-3709.json index c42cc180571..3a9d076bc0b 100644 --- a/2012/3xxx/CVE-2012-3709.json +++ b/2012/3xxx/CVE-2012-3709.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5502", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5502" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-3", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" - }, - { - "name" : "55534", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/55534" - }, - { - "name" : "85392", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85392" - }, - { - "name" : "oval:org.mitre.oval:def:17481", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17481" - }, - { - "name" : "apple-itunes-webkit-cve20123709(78550)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78550" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2012-09-19-3", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" + }, + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "http://support.apple.com/kb/HT5502", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5502" + }, + { + "name": "apple-itunes-webkit-cve20123709(78550)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78550" + }, + { + "name": "oval:org.mitre.oval:def:17481", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17481" + }, + { + "name": "55534", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55534" + }, + { + "name": "85392", + "refsource": "OSVDB", + "url": 
"http://osvdb.org/85392" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3799.json b/2012/3xxx/CVE-2012-3799.json index cd15620d009..f1b25f4b5f9 100644 --- a/2012/3xxx/CVE-2012-3799.json +++ b/2012/3xxx/CVE-2012-3799.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3799", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3799", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" - }, - { - "name" : "http://drupal.org/node/1619830", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1619830" - }, - { - "name" : "http://drupal.org/node/1617952", - "refsource" : "CONFIRM", - "url" : "http://drupal.org/node/1617952" - }, - { - "name" : "http://drupalcode.org/project/maestro.git/commitdiff/c499971", - "refsource" : "CONFIRM", - "url" : "http://drupalcode.org/project/maestro.git/commitdiff/c499971" - }, - { - "name" : "53836", - "refsource" : "BID", - 
"url" : "http://www.securityfocus.com/bid/53836" - }, - { - "name" : "82714", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/82714" - }, - { - "name" : "49393", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49393" - }, - { - "name" : "maestro-unspecified-csrf(76146)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53836", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53836" + }, + { + "name": "82714", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/82714" + }, + { + "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3" + }, + { + "name": "http://drupalcode.org/project/maestro.git/commitdiff/c499971", + "refsource": "CONFIRM", + "url": "http://drupalcode.org/project/maestro.git/commitdiff/c499971" + }, + { + "name": "49393", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49393" + }, + { + "name": "http://drupal.org/node/1617952", + "refsource": "CONFIRM", + "url": "http://drupal.org/node/1617952" + }, + { + "name": "http://drupal.org/node/1619830", + "refsource": "MISC", + "url": "http://drupal.org/node/1619830" + }, + { + "name": "maestro-unspecified-csrf(76146)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/76146" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4040.json b/2012/4xxx/CVE-2012-4040.json index 71c02df3ae2..1b02a657e4a 100644 --- a/2012/4xxx/CVE-2012-4040.json +++ b/2012/4xxx/CVE-2012-4040.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4040", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4040", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6437.json b/2012/6xxx/CVE-2012-6437.json index d1471a45cc0..d6acdcad8f6 100644 --- a/2012/6xxx/CVE-2012-6437.json +++ b/2012/6xxx/CVE-2012-6437.json 
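Review bot: Every rewritten file in this commit now ends at the closing `}` with `\ No newline at end of file`, where the old side ended with a newline. This hunk shows it, as do those for CVE-2012-4040, CVE-2012-6437, CVE-2012-6581, CVE-2012-6612, CVE-2015-5910, CVE-2017-2156, CVE-2017-2221, CVE-2017-2473 and CVE-2017-2616. The serializer that writes these records should emit a final `\n`, so that later syncs and line-based tools do not see a spurious change on the last line. The `reference_data` entries are also reordered here without an apparent sort key, which will presumably keep producing diff noise on each sync unless the order is made deterministic.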
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6437", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-6437", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" + } + ] + } +} \ No newline at end of file 
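Review bot: `vendor_name`, `product_name`, `version_value` and the `problemtype` value all remain `n/a`, even though this hunk re-attributes the record to `ics-cert@hq.dhs.gov` and the description names the affected Rockwell Automation modules and controller versions. Tooling that matches an asset inventory against the structured `affects` block will not associate this record with those products, which leaves the free-text description as the only usable source. Populating the block from the description, starting with `"vendor_name": "Rockwell Automation"`, would close that gap. The CVE-2015-5910 hunk, re-attributed to `product-security@apple.com`, has the same shape.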
diff --git a/2012/6xxx/CVE-2012-6581.json b/2012/6xxx/CVE-2012-6581.json
index 85006167868..01efd197268 100644
--- a/2012/6xxx/CVE-2012-6581.json
+++ b/2012/6xxx/CVE-2012-6581.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[rt-announce] 20121025 Security vulnerabilities in RT", - "refsource" : "MLIST", - "url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret 
key, by leveraging a UI e-mail signing privilege." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[rt-announce] 20121025 Security vulnerabilities in RT", + "refsource": "MLIST", + "url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6612.json b/2012/6xxx/CVE-2012-6612.json index aa18f251948..46d1400ed2f 100644 --- a/2012/6xxx/CVE-2012-6612.json +++ b/2012/6xxx/CVE-2012-6612.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6612", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6612", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup" - }, - { - "name" : "https://issues.apache.org/jira/browse/SOLR-3895", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/SOLR-3895" - }, - { - "name" : "RHSA-2013:1844", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1844.html" - }, - { - "name" : "RHSA-2014:0029", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2014-0029.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2014:0029", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html" + }, + { + "name": "https://issues.apache.org/jira/browse/SOLR-3895", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/SOLR-3895" + }, + { + "name": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup" + }, + { + "name": "RHSA-2013:1844", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html" + } + ] + } +} \ No newline at end of file diff --git a/2015/5xxx/CVE-2015-5910.json b/2015/5xxx/CVE-2015-5910.json index 158af09bd57..cd5259fbf68 100644 --- a/2015/5xxx/CVE-2015-5910.json +++ b/2015/5xxx/CVE-2015-5910.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2015-5910", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2015-5910", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT205217", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT205217" - }, - { - "name" : "APPLE-SA-2015-09-16-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" - }, - { - "name" : "1033596", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1033596" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1033596", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1033596" + }, + { + "name": "https://support.apple.com/HT205217", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT205217" + }, + { + "name": "APPLE-SA-2015-09-16-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2156.json b/2017/2xxx/CVE-2017-2156.json index 968218a3a57..9626f82e3d4 100644 --- a/2017/2xxx/CVE-2017-2156.json +++ b/2017/2xxx/CVE-2017-2156.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Vivaldi installer for Windows", - "version" : { - "version_data" : [ - { - "version_value" : "prior to version 1.7.735.48" - } - ] - } - } - ] - }, - "vendor_name" : "Vivaldi Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Vivaldi installer for Windows", + "version": { + "version_data": [ + { + "version_value": "prior to version 1.7.735.48" + } + ] + } + } + ] + }, + "vendor_name": "Vivaldi Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/", - "refsource" : "MISC", - "url" : "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/" - }, - { - "name" : "JVN#71572107", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN71572107/index.html" - }, - { - "name" : "98040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98040" - } - ] - } 
-} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#71572107", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN71572107/index.html" + }, + { + "name": "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/", + "refsource": "MISC", + "url": "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/" + }, + { + "name": "98040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98040" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2221.json b/2017/2xxx/CVE-2017-2221.json index 3e90d9da7f7..814d6fcb5c4 100644 --- a/2017/2xxx/CVE-2017-2221.json +++ b/2017/2xxx/CVE-2017-2221.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2221", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of Baidu IME", - "version" : { - "version_data" : [ - { - "version_value" : "Ver3.6.1.6 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Baidu Japan Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2221", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of Baidu IME", + "version": { + "version_data": [ + { + "version_value": "Ver3.6.1.6 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Baidu Japan Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#17788774", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN17788774/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#17788774", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN17788774/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2473.json b/2017/2xxx/CVE-2017-2473.json index a39f7eb0789..d1c98b8744c 100644 --- a/2017/2xxx/CVE-2017-2473.json +++ b/2017/2xxx/CVE-2017-2473.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41792", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41792/" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : 
"https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "41792", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41792/" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/2xxx/CVE-2017-2616.json b/2017/2xxx/CVE-2017-2616.json
index e649391b373..33ed483d4f4 100644
--- a/2017/2xxx/CVE-2017-2616.json
+++ b/2017/2xxx/CVE-2017-2616.json
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2616", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "util-linux", - "version" : { - "version_data" : [ - { - "version_value" : "2.32.1" - } - ] - } - } - ] - }, - "vendor_name" : "Linux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-267" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2616", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "util-linux", + "version": { + "version_data": [ + { + "version_value": "2.32.1" + } + ] + } + } + ] + }, + "vendor_name": "Linux" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616" - }, - { - "name" : "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891", - "refsource" : "CONFIRM", - "url" : "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891" - }, - { - "name" : "DSA-3793", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3793" 
- }, - { - "name" : "GLSA-201706-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-02" - }, - { - "name" : "RHSA-2017:0654", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0654.html" - }, - { - "name" : "RHSA-2017:0907", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0907" - }, - { - "name" : "96404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96404" - }, - { - "name" : "1038271", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038271" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-267" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616" + }, + { + "name": "96404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96404" + }, + { + "name": "RHSA-2017:0907", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0907" + }, + { + "name": "RHSA-2017:0654", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0654.html" + }, + { + "name": "GLSA-201706-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-02" + }, + { + "name": "DSA-3793", + "refsource": "DEBIAN", 
+ "url": "https://www.debian.org/security/2017/dsa-3793" + }, + { + "name": "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891", + "refsource": "CONFIRM", + "url": "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891" + }, + { + "name": "1038271", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038271" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6623.json b/2017/6xxx/CVE-2017-6623.json index 96c489ae1a6..b4dd77d9eef 100644 --- a/2017/6xxx/CVE-2017-6623.json +++ b/2017/6xxx/CVE-2017-6623.json 
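Review bot: The `vectorString` carried over in the `impact.cvss` block, `5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`, has the base score fused onto its front, so it is not a well-formed CVSS v3.0 vector and a strict parser will reject or mis-read it. Split it into `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"` and a separate `"baseScore": 5.5`. In the same record `version_value` is `2.32.1` while the description says the flaw is in util-linux before 2.32.1, so a consumer matching on the structured field would flag only the fixed release. A value such as `before 2.32.1` would agree with the description. The `CWE-267` problem type also looks like a poor fit for a race condition and is worth confirming with the assigner.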
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6623", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Policy Suite", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Policy Suite" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-264" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6623", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Policy Suite", + "version": { + "version_data": [ + { + "version_value": "Cisco Policy Suite" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps" - }, - { - "name" : "98521", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98521" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-264" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98521", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98521" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6878.json b/2017/6xxx/CVE-2017-6878.json index eb08e4b34c9..5530599f3a3 100644 --- a/2017/6xxx/CVE-2017-6878.json +++ b/2017/6xxx/CVE-2017-6878.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6878", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6878", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170318 [CVE-2017-6878]etInfo5.3.15 Stored Cross Site Scripting", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Mar/49" - }, - { - "name" : "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html" - }, - { - "name" : "96974", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96974" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote 
authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20170318 [CVE-2017-6878]etInfo5.3.15 Stored Cross Site Scripting", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Mar/49" + }, + { + "name": "96974", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96974" + }, + { + "name": "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11116.json b/2018/11xxx/CVE-2018-11116.json index 59349b7421f..d570eb15781 100644 --- a/2018/11xxx/CVE-2018-11116.json +++ b/2018/11xxx/CVE-2018-11116.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11116", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11116", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html", - "refsource" : "MISC", - "url" : "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were 
only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html", + "refsource": "MISC", + "url": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11463.json b/2018/11xxx/CVE-2018-11463.json index 0a15004ae33..f85c627076f 100644 --- a/2018/11xxx/CVE-2018-11463.json +++ b/2018/11xxx/CVE-2018-11463.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-11463", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", - "version" : { - "version_data" : [ - { - "version_value" : "SINUMERIK 808D V4.7 : All versions" - }, - { - "version_value" : "SINUMERIK 808D V4.8 : All versions" - }, - { - "version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" - }, - { - "version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" - }, - { - "version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-121: Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-11463", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", + "version": { + "version_data": [ + { + "version_value": "SINUMERIK 808D V4.7 : All versions" + }, + { + "version_value": "SINUMERIK 808D V4.8 : All versions" + }, + { + "version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" + }, + { + "version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" + }, + { + "version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" - }, - { - "name" : "106185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. 
Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-121: Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106185" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11472.json b/2018/11xxx/CVE-2018-11472.json index b4c097121a2..b87f5392e11 100644 --- a/2018/11xxx/CVE-2018-11472.json +++ b/2018/11xxx/CVE-2018-11472.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11472", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11472", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/445", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/445" - }, - { - "name" : "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-", - "refsource" : "MISC", - "url" : "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-", + "refsource": "MISC", + "url": "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-" + }, + { + "name": "https://github.com/monstra-cms/monstra/issues/445", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/445" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14113.json b/2018/14xxx/CVE-2018-14113.json index c140e93c0df..fb5b5e2b9d4 100644 --- a/2018/14xxx/CVE-2018-14113.json +++ b/2018/14xxx/CVE-2018-14113.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14113", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14113", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14283.json b/2018/14xxx/CVE-2018-14283.json index 2a7cc8151ee..7ccb3d4ff1c 100644 --- a/2018/14xxx/CVE-2018-14283.json 
+++ b/2018/14xxx/CVE-2018-14283.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14283", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.1049" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the highlightMode attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5771." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14283", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.1049" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-743", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-743" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the highlightMode attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5771." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-743", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-743" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14771.json b/2018/14xxx/CVE-2018-14771.json index 1fca6d81725..3776c13c2bb 100644 --- a/2018/14xxx/CVE-2018-14771.json +++ b/2018/14xxx/CVE-2018-14771.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14771", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14771", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vivotek.com/website/support/cybersecurity/", - "refsource" : "MISC", - "url" : "https://www.vivotek.com/website/support/cybersecurity/" - }, - { - "name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", - "refsource" : "CONFIRM", - "url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.vivotek.com/website/support/cybersecurity/", + "refsource": "MISC", + "url": "https://www.vivotek.com/website/support/cybersecurity/" + }, + { + "name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", + "refsource": "CONFIRM", + "url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14951.json b/2018/14xxx/CVE-2018-14951.json index 25f6b1160f9..54242f7717b 100644 --- a/2018/14xxx/CVE-2018-14951.json +++ b/2018/14xxx/CVE-2018-14951.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14951", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"