diff --git a/2002/0xxx/CVE-2002-0568.json b/2002/0xxx/CVE-2002-0568.json index ea0a4fea76d..02a8cfeb4a7 100644 --- a/2002/0xxx/CVE-2002-0568.json +++ b/2002/0xxx/CVE-2002-0568.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020206 Hackproofing Oracle Application Server paper", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101301813117562&w=2" - }, - { - "name" : "CA-2002-08", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-08.html" - }, - { - "name" : "VU#476619", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/476619" - }, - { - "name" : "http://www.nextgenss.com/papers/hpoas.pdf", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/papers/hpoas.pdf" - }, - { - "name" : "4290", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4290" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020206 Hackproofing Oracle Application Server paper", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101301813117562&w=2" + }, + { + "name": "CA-2002-08", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-08.html" + }, + { + "name": "4290", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4290" + }, + { + "name": "http://www.nextgenss.com/papers/hpoas.pdf", + "refsource": "MISC", + "url": "http://www.nextgenss.com/papers/hpoas.pdf" + }, + { + "name": "VU#476619", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/476619" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0761.json b/2002/0xxx/CVE-2002-0761.json index 2255046e5b9..719134d5024 100644 --- a/2002/0xxx/CVE-2002-0761.json +++ b/2002/0xxx/CVE-2002-0761.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-02:25", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc" - }, - { - "name" : "CSSA-2002-039.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt" - }, - { - "name" : "bzip2-compression-symlink(9128)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9128.php" - }, - { - "name" : "4776", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bzip2-compression-symlink(9128)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9128.php" + }, + { + "name": "CSSA-2002-039.0", + "refsource": "CALDERA", + "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt" + }, + { + "name": "4776", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4776" + }, + { + "name": "FreeBSD-SA-02:25", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1886.json b/2002/1xxx/CVE-2002-1886.json index d7364963794..e3c190291c2 100644 --- a/2002/1xxx/CVE-2002-1886.json +++ b/2002/1xxx/CVE-2002-1886.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1886", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1886", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021002 Multiple Web Security Holes", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html" - }, - { - "name" : "5850", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5850" - }, - { - "name" : "tightauction-config-information-disclosure(10310)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10310.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5850", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5850" + }, + { + "name": "tightauction-config-information-disclosure(10310)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10310.php" + }, + { + "name": "20021002 Multiple Web Security Holes", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2130.json b/2002/2xxx/CVE-2002-2130.json index 3b29d018b36..981f4488597 100644 --- a/2002/2xxx/CVE-2002-2130.json +++ b/2002/2xxx/CVE-2002-2130.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0260.html" - }, - { - "name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0", - "refsource" : "CONFIRM", - "url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0" - }, - { - "name" : "6489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6489" - }, - { - "name" : "gallery-winxppublishing-command-execution(10943)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10943.php" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6489" + }, + { + "name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0", + "refsource": "CONFIRM", + "url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0" + }, + { + "name": "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0260.html" + }, + { + "name": "gallery-winxppublishing-command-execution(10943)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10943.php" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1170.json b/2005/1xxx/CVE-2005-1170.json index 76f41e126fa..593cada41fc 100644 --- a/2005/1xxx/CVE-2005-1170.json +++ b/2005/1xxx/CVE-2005-1170.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050416 phpBB datenbank mod has XSS/SQL Injection in the id variable", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111367077709726&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050416 phpBB datenbank mod has XSS/SQL Injection in the id variable", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111367077709726&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1219.json b/2009/1xxx/CVE-2009-1219.json index a0124cf0796..1eaed059b8b 100644 --- a/2009/1xxx/CVE-2009-1219.json +++ b/2009/1xxx/CVE-2009-1219.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1219", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1219", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502320/100/0/threaded" - }, - { - "name" : "http://www.coresecurity.com/content/sun-calendar-express", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/content/sun-calendar-express" - }, - { - "name" : "256228", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1" - }, - { - "name" : "255008", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1" - }, - { - 
"name" : "34150", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34150" - }, - { - "name" : "ADV-2009-0905", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0905" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2009-0905", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0905" + }, + { + "name": "256228", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1" + }, + { + "name": "34150", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34150" + }, + { + "name": "20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502320/100/0/threaded" + }, + { + "name": "255008", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1" + }, + { + "name": "http://www.coresecurity.com/content/sun-calendar-express", + "refsource": "MISC", + "url": "http://www.coresecurity.com/content/sun-calendar-express" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1377.json b/2009/1xxx/CVE-2009-1377.json index ad43e5c9e41..44fc5082546 100644 --- a/2009/1xxx/CVE-2009-1377.json +++ b/2009/1xxx/CVE-2009-1377.json 
@@ -1,237 +1,237 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug", - "refsource" : "MLIST", - "url" : "http://marc.info/?l=openssl-dev&m=124247675613888&w=2" - }, - { - "name" : "[oss-security] 20090518 Two OpenSSL DTLS remote DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/18/1" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : 
"https://launchpad.net/bugs/cve/2009-1377", - "refsource" : "MISC", - "url" : "https://launchpad.net/bugs/cve/2009-1377" - }, - { - "name" : "http://cvs.openssl.org/chngview?cn=18187", - "refsource" : "CONFIRM", - "url" : "http://cvs.openssl.org/chngview?cn=18187" - }, - { - "name" : "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest", - "refsource" : "CONFIRM", - "url" : "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest" - }, - { - "name" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" - }, - { - "name" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html", - "refsource" : "CONFIRM", - "url" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA50", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA50" - }, - { - "name" : "GLSA-200912-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200912-01.xml" - }, - { - "name" : "HPSBMA02492", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" - }, - { - "name" : "SSRT100079", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" - }, - { - "name" : "MDVSA-2009:120", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120" - }, - { - "name" : "NetBSD-SA2009-009", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" - }, - { - "name" : "RHSA-2009:1335", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1335.html" - }, - { - "name" : "SSA:2010-060-02", - "refsource" : "SLACKWARE", 
- "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "USN-792-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-792-1" - }, - { - "name" : "35001", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35001" - }, - { - "name" : "oval:org.mitre.oval:def:6683", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683" - }, - { - "name" : "oval:org.mitre.oval:def:9663", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663" - }, - { - "name" : "1022241", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022241" - }, - { - "name" : "35128", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35128" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35461" - }, - { - "name" : "35571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35571" - }, - { - "name" : "35729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35729" - }, - { - "name" : "37003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37003" - }, - { - "name" : "38761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38761" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38834" - }, - { - "name" : "42724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42724" - }, - { - 
"name" : "42733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42733" - }, - { - "name" : "36533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36533" - }, - { - "name" : "ADV-2009-1377", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1377" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42724" + }, + { + "name": "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest", + "refsource": "CONFIRM", + "url": "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest" + }, + { + "name": "SSA:2010-060-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "ADV-2009-1377", + "refsource": "VUPEN", + "url": 
"http://www.vupen.com/english/advisories/2009/1377" + }, + { + "name": "35729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35729" + }, + { + "name": "GLSA-200912-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" + }, + { + "name": "RHSA-2009:1335", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" + }, + { + "name": "HPSBMA02492", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" + }, + { + "name": "38761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38761" + }, + { + "name": "37003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37003" + }, + { + "name": "oval:org.mitre.oval:def:9663", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663" + }, + { + "name": "https://launchpad.net/bugs/cve/2009-1377", + "refsource": "MISC", + "url": "https://launchpad.net/bugs/cve/2009-1377" + }, + { + "name": "36533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36533" + }, + { + "name": "1022241", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022241" + }, + { + "name": "USN-792-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-792-1" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html", + "refsource": "CONFIRM", + "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" + }, + { + "name": "[oss-security] 20090518 Two OpenSSL DTLS remote DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/18/1" + }, + { + "name": "[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug", + "refsource": 
"MLIST", + "url": "http://marc.info/?l=openssl-dev&m=124247675613888&w=2" + }, + { + "name": "NetBSD-SA2009-009", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" + }, + { + "name": "35001", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35001" + }, + { + "name": "oval:org.mitre.oval:def:6683", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683" + }, + { + "name": "38834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38834" + }, + { + "name": "http://cvs.openssl.org/chngview?cn=18187", + "refsource": "CONFIRM", + "url": "http://cvs.openssl.org/chngview?cn=18187" + }, + { + "name": "MDVSA-2009:120", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120" + }, + { + "name": "35461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35461" + }, + { + "name": "35128", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35128" + }, + { + "name": "35571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35571" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA50", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA50" + }, + { + "name": "SSRT100079", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" + }, + { + "name": "42733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42733" + }, + { + "name": "ADV-2010-0528", + 
"refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1842.json b/2009/1xxx/CVE-2009-1842.json index 05b5ceceb24..77bc870acfc 100644 --- a/2009/1xxx/CVE-2009-1842.json +++ b/2009/1xxx/CVE-2009-1842.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1842", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1842", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html", - "refsource" : "MISC", - "url" : "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html" - }, - { - "name" : "35117", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35117" - }, - { - "name" : "phpnuke-userlog-sql-injection(50818)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary 
SQL commands via the HTTP Referer header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "35117", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35117" + }, + { + "name": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html", + "refsource": "MISC", + "url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html" + }, + { + "name": "phpnuke-userlog-sql-injection(50818)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5098.json b/2009/5xxx/CVE-2009-5098.json index 0e52fb7f48c..ba951a1cbf6 100644 --- a/2009/5xxx/CVE-2009-5098.json +++ b/2009/5xxx/CVE-2009-5098.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091013 Palm Pre WebOS version <= 1.1 Floating Point Exception", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507126/100/0/threaded" - }, - { - "name" : "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html", - "refsource" : "MISC", - "url" : "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html" - }, - { - "name" : "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12", - "refsource" : "CONFIRM", - "url" : "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12" - }, - { - "name" : "36936", 
- "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36936" - }, - { - "name" : "8373", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/8373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20091013 Palm Pre WebOS version <= 1.1 Floating Point Exception", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507126/100/0/threaded" + }, + { + "name": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12", + "refsource": "CONFIRM", + "url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12" + }, + { + "name": "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html", + "refsource": "MISC", + "url": "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html" + }, + { + "name": "8373", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/8373" + }, + { + "name": "36936", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36936" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0244.json b/2012/0xxx/CVE-2012-0244.json index 76c6db15866..f2f031f4d10 100644 --- a/2012/0xxx/CVE-2012-0244.json +++ b/2012/0xxx/CVE-2012-0244.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" - }, - { - "name" : "52051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" + }, + { + "name": "52051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52051" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0409.json b/2012/0xxx/CVE-2012-0409.json index 2e41e4572bb..e965c2237ce 100644 --- a/2012/0xxx/CVE-2012-0409.json +++ b/2012/0xxx/CVE-2012-0409.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0409", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-0409", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120522 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/522835" - }, - { - "name" : "53682", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53682" - }, - { - "name" : "1027100", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary 
code via crafted packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53682", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53682" + }, + { + "name": "1027100", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027100" + }, + { + "name": "20120522 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/522835" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0769.json b/2012/0xxx/CVE-2012-0769.json index dca224a6555..a82e6b57574 100644 --- a/2012/0xxx/CVE-2012-0769.json +++ b/2012/0xxx/CVE-2012-0769.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-05.html" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "SUSE-SU-2012:0332", - "refsource" : "SUSE", - 
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html" - }, - { - "name" : "openSUSE-SU-2012:0331", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:14828", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14828" - }, - { - "name" : "oval:org.mitre.oval:def:16212", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16212" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14828", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14828" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-05.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-05.html" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "oval:org.mitre.oval:def:16212", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16212" + }, + { + "name": "SUSE-SU-2012:0332", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html" + }, + { + "name": "openSUSE-SU-2012:0331", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0774.json b/2012/0xxx/CVE-2012-0774.json index 1ef2f76f3cb..789982c97ca 100644 --- a/2012/0xxx/CVE-2012-0774.json +++ b/2012/0xxx/CVE-2012-0774.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0774", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0774", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html" - }, - { - "name" : "RHSA-2012:0469", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0469.html" - }, - { - "name" : "SUSE-SU-2012:0522", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0524", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" - }, - { - "name" : "openSUSE-SU-2012:0512", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" - }, - { - 
"name" : "TA12-101B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" - }, - { - "name" : "52951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52951" - }, - { - "name" : "oval:org.mitre.oval:def:14860", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14860" - }, - { - "name" : "1026908", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026908" - }, - { - "name" : "48756", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48756" - }, - { - "name" : "48846", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2012:0469", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" + }, + { + "name": "48756", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48756" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" + }, + { + "name": "SUSE-SU-2012:0524", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" + }, + { + "name": "48846", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48846" + }, + { + "name": "TA12-101B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" + }, + { + "name": "SUSE-SU-2012:0522", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" + }, + { + "name": "52951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52951" + }, + { + "name": "openSUSE-SU-2012:0512", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" + }, + { + "name": "1026908", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026908" + }, + { + "name": "oval:org.mitre.oval:def:14860", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14860" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0818.json b/2012/0xxx/CVE-2012-0818.json index e23e5ad2747..1c2ba83b15f 100644 --- a/2012/0xxx/CVE-2012-0818.json +++ b/2012/0xxx/CVE-2012-0818.json 
@@ -1,167 +1,167 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0818", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0818", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=785631", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=785631" - }, - { - "name" : "https://issues.jboss.org/browse/RESTEASY-637", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/RESTEASY-637" - }, - { - "name" : "RHSA-2012:0441", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0441.html" - }, - { - "name" : "RHSA-2012:0519", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0519.html" - }, - { - "name" : "RHSA-2012:1056", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1056.html" - }, - { - "name" : "RHSA-2012:1057", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2012-1057.html" - }, - { - "name" : "RHSA-2012:1058", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1058.html" - }, - { - "name" : "RHSA-2012:1059", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1059.html" - }, - { - "name" : "RHSA-2012:1125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1125.html" - }, - { - "name" : "RHSA-2014:0371", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0371.html" - }, - { - "name" : "RHSA-2014:0372", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2014-0372.html" - }, - { - "name" : "51748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51748" - }, - { - "name" : "51766", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51766" - }, - { - "name" : "78679", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78679" - }, - { - "name" : "47818", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47818" - }, - { - "name" : "47832", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47832" - }, - { - "name" : "50084", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50084" - }, - { - "name" : "48697", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48697" - }, - { - "name" : "48954", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48954" - }, - { - "name" : "57716", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57716" - }, - { - "name" : "57719", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57719" - }, - { - "name" : "resteasy-xml-info-disclosure(72808)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=785631", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631" + }, + { + "name": "RHSA-2012:1059", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html" + }, + { + "name": "51748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51748" + }, + { + "name": "https://issues.jboss.org/browse/RESTEASY-637", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/RESTEASY-637" + }, + { + "name": "RHSA-2012:1056", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html" + }, + { + "name": "RHSA-2012:1058", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html" + }, + { + "name": "51766", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51766" + }, + { + "name": "78679", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78679" + }, + { + "name": "RHSA-2012:0519", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html" + }, + { + "name": "50084", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50084" + }, + { + "name": "RHSA-2014:0371", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html" + }, + { + "name": "RHSA-2012:1057", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html" + }, + { + "name": "resteasy-xml-info-disclosure(72808)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808" + }, + { + "name": "48954", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/48954" + }, + { + "name": "RHSA-2012:0441", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html" + }, + { + "name": "47832", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47832" + }, + { + "name": "57719", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57719" + }, + { + "name": "57716", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57716" + }, + { + "name": "47818", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47818" + }, + { + "name": "RHSA-2014:0372", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html" + }, + { + "name": "48697", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48697" + }, + { + "name": "RHSA-2012:1125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1576.json b/2012/1xxx/CVE-2012-1576.json index 2f4348797f4..32552cc3889 100644 --- a/2012/1xxx/CVE-2012-1576.json +++ b/2012/1xxx/CVE-2012-1576.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1576", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1576", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html" - }, - { - "name" : "[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/22/3" - }, - { - "name" : "[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: 
Improper cleanup of CertFP entries may result in undefined behaviour", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/23/2" - }, - { - "name" : "http://git.atheme.org/atheme/commit/?id=3d9551761db2", - "refsource" : "CONFIRM", - "url" : "http://git.atheme.org/atheme/commit/?id=3d9551761db2" - }, - { - "name" : "http://jira.atheme.org/browse/SRV-166", - "refsource" : "CONFIRM", - "url" : "http://jira.atheme.org/browse/SRV-166" - }, - { - "name" : "GLSA-201209-09", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-09.xml" - }, - { - "name" : "52675", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52675" - }, - { - "name" : "48481", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48481" - }, - { - "name" : "50704", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50704" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-09", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-09.xml" + }, + { + "name": "[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/23/2" + }, + { + "name": "[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/22/3" + }, + { + "name": "20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html" + }, + { + "name": "50704", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50704" + }, + { + "name": "http://jira.atheme.org/browse/SRV-166", + "refsource": "CONFIRM", + "url": "http://jira.atheme.org/browse/SRV-166" + }, + { + "name": "52675", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52675" + }, + { + "name": "48481", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48481" + }, + { + "name": "http://git.atheme.org/atheme/commit/?id=3d9551761db2", + "refsource": "CONFIRM", + "url": "http://git.atheme.org/atheme/commit/?id=3d9551761db2" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3040.json b/2012/3xxx/CVE-2012-3040.json index 0b217ffea19..e56b61593b2 100644 --- a/2012/3xxx/CVE-2012-3040.json +++ b/2012/3xxx/CVE-2012-3040.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3040", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-3040", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf" - }, - { - "name" : "http://en.securitylab.ru/lab/PT-2012-50", - "refsource" : "MISC", - "url" : "http://en.securitylab.ru/lab/PT-2012-50" - }, - { - "name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf" - }, - { - "name" : "86130", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86130" - }, - { - "name" : "50816", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/50816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50816", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50816" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf" + }, + { + "name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf", + "refsource": "CONFIRM", + "url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf" + }, + { + "name": "86130", + "refsource": "OSVDB", + "url": "http://osvdb.org/86130" + }, + { + "name": "http://en.securitylab.ru/lab/PT-2012-50", + "refsource": "MISC", + "url": "http://en.securitylab.ru/lab/PT-2012-50" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3098.json b/2012/3xxx/CVE-2012-3098.json index 1df3e6326e4..701ac37f390 100644 --- a/2012/3xxx/CVE-2012-3098.json +++ b/2012/3xxx/CVE-2012-3098.json 
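Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `ics-cert@hq.dhs.gov` in this hunk, while every other difference visible here is separator spacing, indentation, or the order of the `reference_data` entries. A provenance change like this is easy to miss inside a bulk reformat, and any consumer that attributes records to a CNA by `ASSIGNER` will see CVE-2012-3040 move. If the reassignment is intended, it would be clearer in its own commit with the reason stated. If it is a by-product of re-serialization, the old value should be kept.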
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3098", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3098", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4722.json b/2012/4xxx/CVE-2012-4722.json index a1bced15ca7..d7b427f4185 100644 --- a/2012/4xxx/CVE-2012-4722.json +++ b/2012/4xxx/CVE-2012-4722.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4722", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4722", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4753.json b/2012/4xxx/CVE-2012-4753.json index 3d844af4d18..82ae52289ec 100644 --- a/2012/4xxx/CVE-2012-4753.json +++ b/2012/4xxx/CVE-2012-4753.json 
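Review bot: The rewritten record puts `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta` and lists `ID` before `ASSIGNER`, whereas the other files reformatted in this diff (for example CVE-2012-3098) keep `CVE_data_meta` first with `ASSIGNER` before `ID`. The same alternate ordering appears in the CVE-2012-4910 and CVE-2017-6000 hunks, all three being `REJECT` entries, which suggests they were written by a different serializer. Key order carries no meaning in JSON, but one canonical order keeps later diffs limited to real content changes. A trailing newline would help in the same way; the `\ No newline at end of file` marker shows the new side lacks one.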
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4753", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4753", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://owncloud.org/changelog/", - "refsource" : "CONFIRM", - "url" : "http://owncloud.org/changelog/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://owncloud.org/changelog/", + "refsource": "CONFIRM", + "url": "http://owncloud.org/changelog/" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4910.json b/2012/4xxx/CVE-2012-4910.json index 8cabd213ef6..dd3b52aaded 100644 --- a/2012/4xxx/CVE-2012-4910.json +++ b/2012/4xxx/CVE-2012-4910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4910", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4910", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6531.json b/2012/6xxx/CVE-2012-6531.json index de2943ef3bf..9c543840c56 100644 --- a/2012/6xxx/CVE-2012-6531.json +++ b/2012/6xxx/CVE-2012-6531.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120626 Re: XXE in Zend", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/26/4" - }, - { - "name" : "[oss-security] 20120626 XXE in Zend", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/26/2" - }, - { - "name" : "[oss-security] 20120627 Re: XXE in Zend", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/06/27/2" - }, - { - "name" : 
"https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" - }, - { - "name" : "http://framework.zend.com/security/advisory/ZF2012-01", - "refsource" : "CONFIRM", - "url" : "http://framework.zend.com/security/advisory/ZF2012-01" - }, - { - "name" : "DSA-2505", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2505" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120627 Re: XXE in Zend", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/27/2" + }, + { + "name": "DSA-2505", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2505" + }, + { + "name": "[oss-security] 20120626 Re: XXE in Zend", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/26/4" + }, + { + "name": "[oss-security] 20120626 XXE in Zend", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/06/26/2" + }, + { + "name": "http://framework.zend.com/security/advisory/ZF2012-01", + "refsource": "CONFIRM", + "url": "http://framework.zend.com/security/advisory/ZF2012-01" + }, + { + "name": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt", + "refsource": "MISC", + "url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2220.json b/2017/2xxx/CVE-2017-2220.json index b993d73f04a..c721a874e72 100644 --- a/2017/2xxx/CVE-2017-2220.json +++ b/2017/2xxx/CVE-2017-2220.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of CASL II simulator(self-extract format)", - "version" : { - "version_data" : [ - { - "version_value" : "all versions" - } - ] - } - } - ] - }, - "vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of CASL II simulator(self-extract format)", + "version": { + "version_data": [ + { + "version_value": "all versions" + } + ] + } + } + ] + }, + "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html", - "refsource" : "MISC", - "url" : "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html" - }, - { - "name" : "JVN#67305782", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN67305782/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in 
Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html", + "refsource": "MISC", + "url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html" + }, + { + "name": "JVN#67305782", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN67305782/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2371.json b/2017/2xxx/CVE-2017-2371.json index c8f159217b3..dff0ef5103b 100644 --- a/2017/2xxx/CVE-2017-2371.json +++ b/2017/2xxx/CVE-2017-2371.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2371", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to launch popups via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2371", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41451", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41451/" - }, - { - "name" : "https://support.apple.com/HT207482", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207482" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "95735", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95735" - }, - { - "name" : "1037668", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037668" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to launch popups via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "41451", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41451/" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207482", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207482" + }, + { + "name": "1037668", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037668" + }, + { + "name": "95735", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95735" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2462.json b/2017/2xxx/CVE-2017-2462.json index bd0cde2d2a6..5af82faf40e 100644 --- a/2017/2xxx/CVE-2017-2462.json +++ b/2017/2xxx/CVE-2017-2462.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://zerodayinitiative.com/advisories/ZDI-17-189/", - "refsource" : "MISC", - "url" : "http://zerodayinitiative.com/advisories/ZDI-17-189/" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "http://zerodayinitiative.com/advisories/ZDI-17-189/", + "refsource": "MISC", + "url": "http://zerodayinitiative.com/advisories/ZDI-17-189/" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } 
+} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2573.json b/2017/2xxx/CVE-2017-2573.json index 320166d1b2e..0464520d5c0 100644 --- a/2017/2xxx/CVE-2017-2573.json +++ b/2017/2xxx/CVE-2017-2573.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2573", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2573", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2802.json b/2017/2xxx/CVE-2017-2802.json index 35664888669..6a72e965e27 100644 --- a/2017/2xxx/CVE-2017-2802.json +++ b/2017/2xxx/CVE-2017-2802.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-06-30T00:00:00", - "ID" : "CVE-2017-2802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Dell", - "version" : { - "version_data" : [ - { - "version_value" : "Precision Tower 5810 with nvidia graphic cards. PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0" - } - ] - } - } - ] - }, - "vendor_name" : "dell" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "dll hijiacking" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-06-30T00:00:00", + "ID": "CVE-2017-2802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Dell", + "version": { + "version_data": [ + { + "version_value": "Precision Tower 5810 with nvidia graphic cards. 
PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0" + } + ] + } + } + ] + }, + "vendor_name": "dell" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247" - }, - { - "name" : "99360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99360" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "dll hijiacking" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247" + }, + { + "name": "99360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99360" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6000.json b/2017/6xxx/CVE-2017-6000.json index ba376d0063c..051ed386491 100644 --- a/2017/6xxx/CVE-2017-6000.json +++ b/2017/6xxx/CVE-2017-6000.json 
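Review bot: The `problemtype` value is spelled `dll hijiacking`, and the affected-product fields are filled in a way that defeats automated matching: `product_name` is `Dell`, `vendor_name` is `dell`, and the actual product and file-version text sits in `version_value`. This hunk carries both over unchanged. Proposed values, to be confirmed with the assigner: `"value": "dll hijacking"`, `"vendor_name": "Dell"`, and `"product_name": "Dell Precision Optimizer"` with `"version_value": "3.5.5.0"`, which matches the wording of the description.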
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6000", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6000", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6059.json b/2017/6xxx/CVE-2017-6059.json index 98a020ffd71..8f101d4e923 100644 --- a/2017/6xxx/CVE-2017-6059.json +++ b/2017/6xxx/CVE-2017-6059.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170217 OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/17/6" - }, - { - "name" : "https://github.com/pingidentity/mod_auth_openidc/issues/212", - "refsource" : "MISC", - "url" : "https://github.com/pingidentity/mod_auth_openidc/issues/212" - }, - { - "name" : "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4", - "refsource" : "CONFIRM", - "url" : "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4" - }, - { - "name" : 
"https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4", - "refsource" : "CONFIRM", - "url" : "https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4" - }, - { - "name" : "96299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/pingidentity/mod_auth_openidc/issues/212", + "refsource": "MISC", + "url": "https://github.com/pingidentity/mod_auth_openidc/issues/212" + }, + { + "name": "96299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96299" + }, + { + "name": "https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4", + "refsource": "CONFIRM", + "url": "https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4" + }, + { + "name": "[oss-security] 20170217 OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/17/6" + }, + { + "name": "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4", + "refsource": "CONFIRM", + "url": "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6060.json b/2017/6xxx/CVE-2017-6060.json index 6f477d59d56..3121bc39233 100644 
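Review bot: The description says the issue affects mod_auth_openidc `before 2.14`, but the CONFIRM reference in the same record points to `releases/tag/v2.1.4`, so the version string looks like a typo for 2.1.4. The hunk carries the text over unchanged. A scanner that derives the fixed version from the description would compare against the wrong boundary and could report patched or unpatched installs incorrectly. The proposed wording is `before 2.1.4`, to be confirmed against the upstream release notes.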
--- a/2017/6xxx/CVE-2017-6060.json +++ b/2017/6xxx/CVE-2017-6060.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170218 mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/18/1" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/" - }, - { - "name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697551", - "refsource" : "MISC", - "url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697551" - }, - { - "name" : "GLSA-201706-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-08" - }, - { - "name" : 
"96266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96266" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96266" + }, + { + "name": "[oss-security] 20170218 mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/18/1" + }, + { + "name": "GLSA-201706-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-08" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/" + }, + { + "name": "https://bugs.ghostscript.com/show_bug.cgi?id=697551", + "refsource": "MISC", + "url": "https://bugs.ghostscript.com/show_bug.cgi?id=697551" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6064.json b/2017/6xxx/CVE-2017-6064.json index aa063dded10..11717573b62 100644 --- a/2017/6xxx/CVE-2017-6064.json +++ b/2017/6xxx/CVE-2017-6064.json 
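Review bot: The rewritten CVE-2017-6060.json ends at the closing `}` with no final newline: the `\ No newline at end of file` marker follows only the last `+}`, so the old side had a newline and this commit drops it. Have the serializer write a trailing `\n` after the closing brace, which keeps line-oriented tooling and later diffs from flagging the last line of every record. The same marker closes the CVE-2017-6064, -6071, -6284, -7072, -7142, -7653, -7826, -7869, CVE-2018-10509 and CVE-2018-14217 hunks on this page.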
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6064",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6064",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6071.json b/2017/6xxx/CVE-2017-6071.json
index 63160ebc041..946241f0976 100644
--- a/2017/6xxx/CVE-2017-6071.json
+++ b/2017/6xxx/CVE-2017-6071.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://dev.cmsmadesimple.org/project/files/69", - "refsource" : "MISC", - "url" : "http://dev.cmsmadesimple.org/project/files/69" - }, - { - "name" : "https://daylight-it.com/security-advisory-dlcs0001.html", - "refsource" : "MISC", - "url" : "https://daylight-it.com/security-advisory-dlcs0001.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://daylight-it.com/security-advisory-dlcs0001.html", + "refsource": "MISC", + "url": "https://daylight-it.com/security-advisory-dlcs0001.html" + }, + { + "name": "http://dev.cmsmadesimple.org/project/files/69", + "refsource": "MISC", + "url": "http://dev.cmsmadesimple.org/project/files/69" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6284.json b/2017/6xxx/CVE-2017-6284.json index 7415e346ad7..a972d5ab359 100644 --- a/2017/6xxx/CVE-2017-6284.json +++ b/2017/6xxx/CVE-2017-6284.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-02-26T00:00:00", - "ID" : "CVE-2017-6284", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SHIELD TV", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-02-26T00:00:00", + "ID": "CVE-2017-6284", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SHIELD TV", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not 
properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7072.json b/2017/7xxx/CVE-2017-7072.json index e0924ef75b8..84d4e43d0f8 100644 --- a/2017/7xxx/CVE-2017-7072.json +++ b/2017/7xxx/CVE-2017-7072.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"iBooks\" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "100892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100892" - }, - { - "name" : "1039385", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"iBooks\" component. 
It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100892" + }, + { + "name": "1039385", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039385" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7142.json b/2017/7xxx/CVE-2017-7142.json index 0a7d6791508..3a8752f7453 100644 --- a/2017/7xxx/CVE-2017-7142.json +++ b/2017/7xxx/CVE-2017-7142.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7142", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the \"WebKit Storage\" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7142", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "100996", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100996" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. Safari before 11 is affected. 
The issue involves the \"WebKit Storage\" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "100996", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100996" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7653.json b/2017/7xxx/CVE-2017-7653.json index 88d707c03b6..b231b503620 100644 --- a/2017/7xxx/CVE-2017-7653.json +++ b/2017/7xxx/CVE-2017-7653.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "emo@eclipse.org", - "ID" : "CVE-2017-7653", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Eclipse Mosquitto", - "version" : { - "version_data" : [ - { - "version_affected" : "<=", - "version_value" : "1.4.15" - } - ] - } - } - ] - }, - "vendor_name" : "The Eclipse Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20: Improper Input Validation" - } + "CVE_data_meta": { + "ASSIGNER": "security@eclipse.org", + "ID": "CVE-2017-7653", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eclipse Mosquitto", + "version": { + "version_data": [ + { + "version_affected": "<=", + "version_value": "1.4.15" + } + ] + } + } + ] + }, + "vendor_name": "The Eclipse Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180928 [SECURITY] [DLA 1525-1] mosquitto security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html" - }, - { - "name" : "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf", - "refsource" : "MISC", - "url" : "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf" - }, - { - "name" : 
"https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113", - "refsource" : "CONFIRM", - "url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113" - }, - { - "name" : "DSA-4325", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4325" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20: Improper Input Validation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113", + "refsource": "CONFIRM", + "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113" + }, + { + "name": "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf", + "refsource": "MISC", + "url": "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf" + }, + { + "name": "[debian-lts-announce] 20180928 [SECURITY] [DLA 1525-1] mosquitto security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html" + }, + { + "name": "DSA-4325", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4325" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7826.json b/2017/7xxx/CVE-2017-7826.json index 6e9941ac885..d4a78bb4ff3 100644 --- a/2017/7xxx/CVE-2017-7826.json +++ b/2017/7xxx/CVE-2017-7826.json 
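Review bot: `"ASSIGNER"` changes value in this hunk, from `emo@eclipse.org` to `security@eclipse.org`, while every other line of `CVE_data_meta` differs only in the spacing before the colon. A value change inside a bulk reformat is easy to miss, and anything that attributes records to a CNA by this string will see the record move. If the new address is intended, say so in the commit message or land it separately from the whitespace change. Whether other Eclipse-assigned records get the same update is not visible from this hunk.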
@@ -1,150 +1,150 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "57" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.5" - } - ] - } - }, - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.5" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "57" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.5" + } + ] + } + }, + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.5" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" - }, - { - "name" : "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" - }, - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/", - "refsource" : 
"CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-25/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-25/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-26/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-26/" - }, - { - "name" : "DSA-4035", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4035" - }, - { - "name" : "DSA-4061", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4061" - }, - { - "name" : "DSA-4075", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-4075" - }, - { - "name" : "RHSA-2017:3247", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3247" - }, - { - "name" : "RHSA-2017:3372", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3372" - }, - { - "name" : "USN-3688-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3688-1/" - }, - { - "name" : "101832", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101832" - }, - { - "name" : "1039803", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039803" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html" + }, + { + "name": "DSA-4035", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4035" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-24/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-24/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-25/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-25/" + }, + { + "name": "101832", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101832" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-26/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-26/" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804" + }, + { + "name": "1039803", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039803" + }, + { + "name": "DSA-4061", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4061" + }, + { + "name": 
"[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html" + }, + { + "name": "RHSA-2017:3247", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3247" + }, + { + "name": "DSA-4075", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-4075" + }, + { + "name": "USN-3688-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3688-1/" + }, + { + "name": "RHSA-2017:3372", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3372" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7869.json b/2017/7xxx/CVE-2017-7869.json index a83706f837e..7db80ba7e0f 100644 --- a/2017/7xxx/CVE-2017-7869.json +++ b/2017/7xxx/CVE-2017-7869.json 
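Review bot: The `reference_data` entries are emitted in a different order from the old side, with no apparent sort key: the two `debian-lts-announce` items were adjacent and are now first and tenth. Counting by hand, the same 14 name/url pairs appear on both sides, but combined with the per-line whitespace change nothing in the diff lets a reader confirm that quickly. Emitting the array in a stable order, for example sorted by `url`, would make an added, dropped or altered reference stand out in later updates. The CVE-2017-6060, -6071, -7072, -7142, -7653 and -7869 hunks show the same reshuffle.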
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7869", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7869", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420" - }, - { - "name" : "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe", - "refsource" : "MISC", - "url" : "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe" - }, - { - "name" : "https://www.gnutls.org/security.html", - "refsource" : "CONFIRM", - "url" : "https://www.gnutls.org/security.html" - }, - { - "name" : "RHSA-2017:2292", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2292" - }, - { - "name" : 
"97040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97040" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420" + }, + { + "name": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe", + "refsource": "MISC", + "url": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe" + }, + { + "name": "RHSA-2017:2292", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2292" + }, + { + "name": "https://www.gnutls.org/security.html", + "refsource": "CONFIRM", + "url": "https://www.gnutls.org/security.html" + }, + { + "name": "97040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97040" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10509.json b/2018/10xxx/CVE-2018-10509.json index f8660132006..7ece0893f87 100644 --- a/2018/10xxx/CVE-2018-10509.json +++ b/2018/10xxx/CVE-2018-10509.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-10509", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro OfficeScan", - "version" : { - "version_data" : [ - { - "version_value" : "11.0 SP1, XG" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-10509", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro OfficeScan", + "version": { + "version_data": [ + { + "version_value": "11.0 SP1, XG" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://success.trendmicro.com/solution/1119961", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119961" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://success.trendmicro.com/solution/1119961", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119961" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14217.json b/2018/14xxx/CVE-2018-14217.json index 3aea0719f81..9ba4060ed54 100644 --- a/2018/14xxx/CVE-2018-14217.json +++ b/2018/14xxx/CVE-2018-14217.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14217", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14217", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14736.json b/2018/14xxx/CVE-2018-14736.json index 79315a47bd1..c5b15713f11 100644 --- a/2018/14xxx/CVE-2018-14736.json +++ b/2018/14xxx/CVE-2018-14736.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/cloudwu/pbc/issues/123#issue-343906084", - "refsource" : "MISC", - "url" : "https://github.com/cloudwu/pbc/issues/123#issue-343906084" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cloudwu/pbc/issues/123#issue-343906084", + "refsource": "MISC", + "url": "https://github.com/cloudwu/pbc/issues/123#issue-343906084" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14806.json b/2018/14xxx/CVE-2018-14806.json index ac52bf7192d..7dea5a97acb 100644 --- a/2018/14xxx/CVE-2018-14806.json +++ b/2018/14xxx/CVE-2018-14806.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-23T00:00:00", - "ID" : "CVE-2018-14806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advantech WebAccess", - "version" : { - "version_data" : [ - { - "version_value" : "WebAccess Versions 8.3.1 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Advantech" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-23T00:00:00", + "ID": "CVE-2018-14806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advantech WebAccess", + "version": { + "version_data": [ + { + "version_value": "WebAccess Versions 8.3.1 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Advantech" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," - }, - { - "name" : "105728", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105728" - }, - { - "name" : "1041939", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041939", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041939" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01," + }, + { + "name": "105728", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105728" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20098.json b/2018/20xxx/CVE-2018-20098.json index f0883eabd73..1f66a8114e2 100644 --- a/2018/20xxx/CVE-2018-20098.json +++ b/2018/20xxx/CVE-2018-20098.json 
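Review bot: The ICS-CERT entry in `reference_data` still has a stray trailing comma inside both strings, `"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"` and the matching `"url"`, so the link as recorded probably does not resolve to the advisory. The comma looks like a copy artifact from the original submission rather than part of the path, and this pass only re-indents and reorders the entries, so it is carried over unchanged. I would set both values to `"https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01"`, so that anyone following this record to the advisory for the WebAccess path traversal issue reaches the right page.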
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Exiv2/exiv2/issues/590", - "refsource" : "MISC", - "url" : "https://github.com/Exiv2/exiv2/issues/590" - }, - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Exiv2/exiv2/issues/590", + "refsource": "MISC", + "url": "https://github.com/Exiv2/exiv2/issues/590" + }, + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20363.json b/2018/20xxx/CVE-2018-20363.json index 0685be97313..b8ffa609fd3 100644 --- a/2018/20xxx/CVE-2018-20363.json +++ b/2018/20xxx/CVE-2018-20363.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/LibRaw/LibRaw/issues/193", - "refsource" : "MISC", - "url" : "https://github.com/LibRaw/LibRaw/issues/193" - }, - { - "name" : "106299", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106299", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106299" + }, + { + "name": "https://github.com/LibRaw/LibRaw/issues/193", + "refsource": "MISC", + "url": "https://github.com/LibRaw/LibRaw/issues/193" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20460.json b/2018/20xxx/CVE-2018-20460.json index 9d7a2f0eaed..da9d771259e 100644 --- a/2018/20xxx/CVE-2018-20460.json +++ b/2018/20xxx/CVE-2018-20460.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf" - }, - { - "name" : "https://github.com/radare/radare2/issues/12376", - "refsource" : "MISC", - "url" : "https://github.com/radare/radare2/issues/12376" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer 
overflow) by crafting an input file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf" + }, + { + "name": "https://github.com/radare/radare2/issues/12376", + "refsource": "MISC", + "url": "https://github.com/radare/radare2/issues/12376" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20537.json b/2018/20xxx/CVE-2018-20537.json index 36c1bbccef9..4c0525e5b86 100644 --- a/2018/20xxx/CVE-2018-20537.json +++ b/2018/20xxx/CVE-2018-20537.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20537", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20537", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652611", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652611" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652611", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652611" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20678.json b/2018/20xxx/CVE-2018-20678.json index e765b4c519c..287f329175e 100644 --- a/2018/20xxx/CVE-2018-20678.json +++ b/2018/20xxx/CVE-2018-20678.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20678", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20678", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9164.json b/2018/9xxx/CVE-2018-9164.json index 63c94deab85..e64f95c20fb 100644 --- a/2018/9xxx/CVE-2018-9164.json +++ b/2018/9xxx/CVE-2018-9164.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9164", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9164", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9217.json b/2018/9xxx/CVE-2018-9217.json index d2e54c83da1..5f93f4d834b 100644 --- a/2018/9xxx/CVE-2018-9217.json +++ b/2018/9xxx/CVE-2018-9217.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9217", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9217", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9783.json b/2018/9xxx/CVE-2018-9783.json index af9aa7871ee..71003a24e62 100644 --- a/2018/9xxx/CVE-2018-9783.json +++ b/2018/9xxx/CVE-2018-9783.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9783", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9783", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9932.json b/2018/9xxx/CVE-2018-9932.json index 02e8e29c0fd..69c6b711a36 100644 --- a/2018/9xxx/CVE-2018-9932.json +++ b/2018/9xxx/CVE-2018-9932.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9932", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9932", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9966.json b/2018/9xxx/CVE-2018-9966.json index 99c3ee6b257..e874baf7f2a 100644 --- a/2018/9xxx/CVE-2018-9966.json +++ b/2018/9xxx/CVE-2018-9966.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-350", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-350" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-350", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-350" + } + ] + } +} \ No newline at end of file