From e6cb6c4033d8a824b132bfba751211d84d67022a Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 02:15:30 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0211.json | 160 +++++++++--------- 2002/0xxx/CVE-2002-0389.json | 160 +++++++++--------- 2002/1xxx/CVE-2002-1243.json | 34 ++-- 2002/2xxx/CVE-2002-2167.json | 140 ++++++++-------- 2003/0xxx/CVE-2003-0888.json | 34 ++-- 2005/1xxx/CVE-2005-1473.json | 120 +++++++------- 2005/1xxx/CVE-2005-1788.json | 130 +++++++-------- 2009/1xxx/CVE-2009-1425.json | 180 ++++++++++---------- 2009/1xxx/CVE-2009-1454.json | 170 +++++++++---------- 2009/1xxx/CVE-2009-1626.json | 140 ++++++++-------- 2009/5xxx/CVE-2009-5061.json | 120 +++++++------- 2012/0xxx/CVE-2012-0292.json | 150 ++++++++--------- 2012/0xxx/CVE-2012-0361.json | 130 +++++++-------- 2012/0xxx/CVE-2012-0720.json | 140 ++++++++-------- 2012/0xxx/CVE-2012-0881.json | 150 ++++++++--------- 2012/0xxx/CVE-2012-0975.json | 160 +++++++++--------- 2012/1xxx/CVE-2012-1541.json | 290 ++++++++++++++++----------------- 2012/3xxx/CVE-2012-3429.json | 200 +++++++++++------------ 2012/3xxx/CVE-2012-3505.json | 210 ++++++++++++------------ 2012/4xxx/CVE-2012-4246.json | 170 +++++++++---------- 2012/4xxx/CVE-2012-4845.json | 190 ++++++++++----------- 2012/6xxx/CVE-2012-6452.json | 140 ++++++++-------- 2012/6xxx/CVE-2012-6485.json | 34 ++-- 2012/6xxx/CVE-2012-6618.json | 170 +++++++++---------- 2017/2xxx/CVE-2017-2058.json | 34 ++-- 2017/2xxx/CVE-2017-2735.json | 132 +++++++-------- 2017/2xxx/CVE-2017-2844.json | 132 +++++++-------- 2017/2xxx/CVE-2017-2874.json | 122 +++++++------- 2017/6xxx/CVE-2017-6262.json | 132 +++++++-------- 2017/6xxx/CVE-2017-6332.json | 34 ++-- 2017/6xxx/CVE-2017-6359.json | 170 +++++++++---------- 2017/6xxx/CVE-2017-6439.json | 140 ++++++++-------- 2017/6xxx/CVE-2017-6526.json | 140 ++++++++-------- 2017/6xxx/CVE-2017-6564.json | 130 +++++++-------- 2017/7xxx/CVE-2017-7060.json | 150 ++++++++--------- 2017/7xxx/CVE-2017-7408.json | 140 ++++++++-------- 2017/7xxx/CVE-2017-7638.json | 122 +++++++------- 2017/7xxx/CVE-2017-7891.json | 130 +++++++-------- 2018/10xxx/CVE-2018-10943.json | 130 +++++++-------- 2018/14xxx/CVE-2018-14107.json | 34 ++-- 2018/14xxx/CVE-2018-14140.json | 34 ++-- 2018/14xxx/CVE-2018-14186.json | 34 ++-- 2018/14xxx/CVE-2018-14410.json | 34 ++-- 2018/14xxx/CVE-2018-14728.json | 130 +++++++-------- 2018/15xxx/CVE-2018-15358.json | 120 +++++++------- 2018/15xxx/CVE-2018-15831.json | 34 ++-- 2018/15xxx/CVE-2018-15887.json | 120 +++++++------- 2018/15xxx/CVE-2018-15945.json | 140 ++++++++-------- 2018/20xxx/CVE-2018-20174.json | 150 +++++++++-------- 2018/20xxx/CVE-2018-20443.json | 120 +++++++------- 2018/20xxx/CVE-2018-20473.json | 34 ++-- 2018/20xxx/CVE-2018-20677.json | 160 +++++++++--------- 2018/9xxx/CVE-2018-9500.json | 34 ++-- 2018/9xxx/CVE-2018-9733.json | 34 ++-- 2018/9xxx/CVE-2018-9922.json | 120 +++++++------- 55 files changed, 3356 insertions(+), 3336 deletions(-) diff --git a/2002/0xxx/CVE-2002-0211.json b/2002/0xxx/CVE-2002-0211.json index d03205aa875..8dba128ca56 100644 --- a/2002/0xxx/CVE-2002-0211.json +++ b/2002/0xxx/CVE-2002-0211.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0211", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary \"gunzip\" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0211", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020126 Vulnerability report for Tarantella Enterprise 3.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101208650722179&w=2" - }, - { - "name" : "20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/265845" - }, - { - "name" : "http://www.tarantella.com/security/bulletin-04.html", - "refsource" : "CONFIRM", - "url" : "http://www.tarantella.com/security/bulletin-04.html" - }, - { - "name" : "3966", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3966" - }, - { - "name" : "tarantella-gunzip-tmp-race(7996)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/7996.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary \"gunzip\" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3966", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3966" + }, + { + "name": "20020126 Vulnerability report for Tarantella Enterprise 3.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101208650722179&w=2" + }, + { + "name": "20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/265845" + }, + { + "name": "http://www.tarantella.com/security/bulletin-04.html", + "refsource": "CONFIRM", + "url": "http://www.tarantella.com/security/bulletin-04.html" + }, + { + "name": "tarantella-gunzip-tmp-race(7996)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/7996.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0389.json b/2002/0xxx/CVE-2002-0389.json index 473bb7b2f99..68b95139fee 100644 --- a/2002/0xxx/CVE-2002-0389.json +++ b/2002/0xxx/CVE-2002-0389.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020417 Mailman/Pipermail private mailing list/local user vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101902003314968&w=2" - }, - { - "name" : "http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103", - "refsource" : "MISC", - "url" : "http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103" - }, - { - "name" : "RHSA-2015:1417", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2015-1417.html" - }, - { - "name" : "pipermail-view-archives(8874)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8874.php" - }, - { - "name" : "4538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2015:1417", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2015-1417.html" + }, + { + "name": "4538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4538" + }, + { + "name": "http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103", + "refsource": "MISC", + "url": "http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103" + }, + { + "name": "pipermail-view-archives(8874)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8874.php" + }, + { + "name": "20020417 Mailman/Pipermail private mailing list/local user vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101902003314968&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1243.json b/2002/1xxx/CVE-2002-1243.json index 99a656654d1..b72a0826e08 100644 --- a/2002/1xxx/CVE-2002-1243.json +++ b/2002/1xxx/CVE-2002-1243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1243", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1243", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2167.json b/2002/2xxx/CVE-2002-2167.json index 2a874c5d55c..c9b3b189eb0 100644 --- a/2002/2xxx/CVE-2002-2167.json +++ b/2002/2xxx/CVE-2002-2167.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2167", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an \"include\" function call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2167", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020715 Again NULL and addslashes() (now in 123tkshop)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/282404" - }, - { - "name" : "123tkshop-include-read-files(9581)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9581.php" - }, - { - "name" : "5243", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5243" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an \"include\" function call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "123tkshop-include-read-files(9581)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9581.php" + }, + { + "name": "5243", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5243" + }, + { + "name": "20020715 Again NULL and addslashes() (now in 123tkshop)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/282404" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0888.json b/2003/0xxx/CVE-2003-0888.json index dfdfb0bc431..8ba4861b20d 100644 --- a/2003/0xxx/CVE-2003-0888.json +++ b/2003/0xxx/CVE-2003-0888.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0888", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0888", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1473.json b/2005/1xxx/CVE-2005-1473.json index 8c2cfbd32d2..0abe9c4ff83 100644 --- a/2005/1xxx/CVE-2005-1473.json +++ b/2005/1xxx/CVE-2005-1473.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-05-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00004.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2005-05-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/May/msg00004.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1788.json b/2005/1xxx/CVE-2005-1788.json index 28e6ca63160..a993ee23ab8 100644 --- a/2005/1xxx/CVE-2005-1788.json +++ b/2005/1xxx/CVE-2005-1788.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "1014071", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014071" - }, - { - "name" : "15540", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15540" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15540", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15540" + }, + { + "name": "1014071", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014071" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1425.json b/2009/1xxx/CVE-2009-1425.json index d66a634c262..f0c14be1d59 100644 --- a/2009/1xxx/CVE-2009-1425.json +++ b/2009/1xxx/CVE-2009-1425.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1425", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1425", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cdn.procurve.com/training/Manuals/TMSzlModule-RelNotes-90603-59900224.pdf", - "refsource" : "CONFIRM", - "url" : "http://cdn.procurve.com/training/Manuals/TMSzlModule-RelNotes-90603-59900224.pdf" - }, - { - "name" : "HPSBGN02446", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" - }, - { - "name" : "SSRT090111", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" - }, - { - "name" : "35653", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35653" - }, - { - "name" : "1022536", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022536" - }, - { - "name" : "ADV-2009-1869", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1869" - }, - { - "name" : "procurve-httpd-dos(51691)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51691" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service by triggering a stop or crash in httpd, aka PR_18770, a different vulnerability than CVE-2009-1423 and CVE-2009-1424." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "procurve-httpd-dos(51691)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51691" + }, + { + "name": "ADV-2009-1869", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1869" + }, + { + "name": "SSRT090111", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2" + }, + { + "name": "1022536", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022536" + }, + { + "name": "HPSBGN02446", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2" + }, + { + "name": "35653", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35653" + }, + { + "name": "http://cdn.procurve.com/training/Manuals/TMSzlModule-RelNotes-90603-59900224.pdf", + "refsource": "CONFIRM", + "url": "http://cdn.procurve.com/training/Manuals/TMSzlModule-RelNotes-90603-59900224.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1454.json b/2009/1xxx/CVE-2009-1454.json index 67e4caf6928..934fd6692f3 100644 --- a/2009/1xxx/CVE-2009-1454.json +++ b/2009/1xxx/CVE-2009-1454.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1454", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1454", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://holisticinfosec.org/content/view/108/45/", - "refsource" : "MISC", - "url" : "http://holisticinfosec.org/content/view/108/45/" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945" - }, - { - "name" : "34576", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34576" - }, - { - "name" : "53780", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/53780" - }, - { - "name" : "34568", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34568" - }, - { - "name" : "webcollab-tasks-xss(49939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab before 2.50 (aka Billy Goat) allows remote attackers to inject arbitrary web script or HTML via the selection parameter in a todo action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "webcollab-tasks-xss(49939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49939" + }, + { + "name": "34568", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34568" + }, + { + "name": "53780", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/53780" + }, + { + "name": "http://holisticinfosec.org/content/view/108/45/", + "refsource": "MISC", + "url": "http://holisticinfosec.org/content/view/108/45/" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=676245&group_id=75945" + }, + { + "name": "34576", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34576" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1626.json b/2009/1xxx/CVE-2009-1626.json index 493cb5a4dcc..48394fd7101 100644 --- a/2009/1xxx/CVE-2009-1626.json +++ b/2009/1xxx/CVE-2009-1626.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1626", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1626", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8547", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8547" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152" - }, - { - "name" : "34729", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34729" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152" + }, + { + "name": "8547", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8547" + }, + { + "name": "34729", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34729" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5061.json b/2009/5xxx/CVE-2009-5061.json index 9425483c111..96a433cf3c3 100644 --- a/2009/5xxx/CVE-2009-5061.json +++ b/2009/5xxx/CVE-2009-5061.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27013341", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27013341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 services for Lotus Domino, when Domino Native Authentication is enabled, might allow remote authenticated users to cause a denial of service (daemon crash) by going offline, aka SPR MLZG7UPB9N." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27013341" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0292.json b/2012/0xxx/CVE-2012-0292.json index 85e4b2f1b6c..4dd42fe7f61 100644 --- a/2012/0xxx/CVE-2012-0292.json +++ b/2012/0xxx/CVE-2012-0292.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18493", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18493/" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00" - }, - { - "name" : "52094", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52094" - }, - { - "name" : "48092", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48092" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allows remote attackers to cause a denial of service (daemon crash) via a crafted TCP session on port 5631." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52094", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52094" + }, + { + "name": "18493", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18493/" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120301_00" + }, + { + "name": "48092", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48092" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0361.json b/2012/0xxx/CVE-2012-0361.json index b5bef925d46..1693fcdf3e5 100644 --- a/2012/0xxx/CVE-2012-0361.json +++ b/2012/0xxx/CVE-2012-0361.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0361", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0361", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html" - }, - { - "name" : "1027013", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027013" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html" + }, + { + "name": "1027013", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027013" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0720.json b/2012/0xxx/CVE-2012-0720.json index ff15dee00c1..3bd1fe4b3a7 100644 --- a/2012/0xxx/CVE-2012-0720.json +++ b/2012/0xxx/CVE-2012-0720.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0720", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0720", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21595172", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21595172" - }, - { - "name" : "PM52274", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM52274" - }, - { - "name" : "was-isc-xss(74044)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the Integration Solution Console in the Administration Console in IBM WebSphere Application Server 7.0 before 7.0.0.23 allows remote attackers to inject arbitrary web script or HTML via a crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21595172", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21595172" + }, + { + "name": "was-isc-xss(74044)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74044" + }, + { + "name": "PM52274", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM52274" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0881.json b/2012/0xxx/CVE-2012-0881.json index c85581f5a7a..cfa64fdcf8e 100644 --- a/2012/0xxx/CVE-2012-0881.json +++ b/2012/0xxx/CVE-2012-0881.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0881", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0881", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2014/07/08/11" - }, - { - "name" : "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=787104", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=787104" - }, - { - "name" : "https://issues.apache.org/jira/browse/XERCESJ-1685", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/XERCESJ-1685" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://issues.apache.org/jira/browse/XERCESJ-1685", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/XERCESJ-1685" + }, + { + "name": "[j-users] 20180503 [ANNOUNCEMENT]: Apache Xerces-J 2.12.0 now available", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/49dc6702104a86ecbb40292dcd329ce9ae4c32b74733199ecab14a73@%3Cj-users.xerces.apache.org%3E" + }, + { + "name": "[oss-security] 20140708 Summer bug cleaning - some Hash DoS stuff", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2014/07/08/11" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=787104", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=787104" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0975.json b/2012/0xxx/CVE-2012-0975.json index 3554ff4ff49..47e1bf1dc2a 100644 --- a/2012/0xxx/CVE-2012-0975.json +++ b/2012/0xxx/CVE-2012-0975.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/view/109240/dpi10-xss.txt", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/view/109240/dpi10-xss.txt" - }, - { - "name" : "51734", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51734" - }, - { - "name" : "78660", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78660" - }, - { - "name" : "47786", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47786" - }, - { - "name" : "dpi-misc-xss(72823)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dpi-misc-xss(72823)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72823" + }, + { + "name": "51734", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51734" + }, + { + "name": "47786", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47786" + }, + { + "name": "78660", + "refsource": "OSVDB", + "url": "http://osvdb.org/78660" + }, + { + "name": "http://packetstormsecurity.org/files/view/109240/dpi10-xss.txt", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/view/109240/dpi10-xss.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1541.json b/2012/1xxx/CVE-2012-1541.json index 44da1a1c404..b3be084685e 100644 --- a/2012/1xxx/CVE-2012-1541.json +++ b/2012/1xxx/CVE-2012-1541.json @@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130201 Multiple Vendor WebKit JRE Plugin Module Use-after-Free Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1018" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" - }, - { - "name" : "HPSBUX02864", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "SSRT101156", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" - }, - { - "name" : "HPSBMU02874", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "HPSBUX02857", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101103", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" - }, - { - "name" : "SSRT101184", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" - }, - { - "name" : "RHSA-2013:0236", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" - }, - { - "name" : "RHSA-2013:0237", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "TA13-032A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" - }, - { - "name" : "VU#858729", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/858729" - }, - { - "name" : "57697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57697" - }, - { - "name" : "oval:org.mitre.oval:def:16384", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16384" - }, - { - "name" : "oval:org.mitre.oval:def:19070", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19070" - }, - { - "name" : "oval:org.mitre.oval:def:19499", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19499" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than other CVEs listed in the February 2013 CPU. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from a third party that the issue is due to an interaction error in between the JRE plug-in for WebKit-based browsers and the Javascript engine, which allows remote attackers to execute arbitrary code by modifying DOM nodes that contain applet elements in a way that triggers an incorrect reference count and a use after free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:19070", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19070" + }, + { + "name": "oval:org.mitre.oval:def:19499", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19499" + }, + { + "name": "SSRT101156", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "TA13-032A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" + }, + { + "name": "RHSA-2013:0236", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "VU#858729", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/858729" + }, + { + "name": "RHSA-2013:0237", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html" + }, + { + "name": "HPSBUX02857", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "HPSBMU02874", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + }, + { + "name": "SSRT101103", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2" + }, + { + "name": "57697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57697" + }, + { + "name": "20130201 Multiple Vendor WebKit JRE Plugin Module Use-after-Free Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.verisigninc.com/en_US/products-and-services/network-intelligence-availability/idefense/public-vulnerability-reports/articles/index.xhtml?id=1018" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "HPSBUX02864", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" + }, + { + "name": "oval:org.mitre.oval:def:16384", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16384" + }, + { + "name": "SSRT101184", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3429.json b/2012/3xxx/CVE-2012-3429.json index 3264cdeb01b..5d8a7f0e2f9 100644 --- a/2012/3xxx/CVE-2012-3429.json +++ b/2012/3xxx/CVE-2012-3429.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a \"$\" character in a DN in a DNS query." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/02/5" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=842466", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=842466" - }, - { - "name" : "http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006", - "refsource" : "CONFIRM", - "url" : "http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006" - }, - { - "name" : "RHSA-2012:1139", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1139.html" - }, - { - "name" : "54787", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54787" - }, - { - "name" : "1027341", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027341" - }, - { - "name" : "50086", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50086" - }, - { - "name" : "50159", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50159" - }, - { - "name" : "binddyndbldap-dnstoldapdnescape-dos(77391)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77391" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to cause a denial of service (named service hang) via a \"$\" character in a DN in a DNS query." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027341", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027341" + }, + { + "name": "http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006", + "refsource": "CONFIRM", + "url": "http://git.fedorahosted.org/cgit/bind-dyndb-ldap.git/commit/?id=f345805c73c294db42452ae966c48fbc36c48006" + }, + { + "name": "RHSA-2012:1139", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1139.html" + }, + { + "name": "binddyndbldap-dnstoldapdnescape-dos(77391)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77391" + }, + { + "name": "50159", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50159" + }, + { + "name": "50086", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50086" + }, + { + "name": "[oss-security] 20120802 bind-dyndb-ldap DoS CVE-2012-3429", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/02/5" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=842466", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=842466" + }, + { + "name": "54787", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54787" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3505.json b/2012/3xxx/CVE-2012-3505.json index a944e2dadf5..5b63447bcc1 100644 --- a/2012/3xxx/CVE-2012-3505.json +++ b/2012/3xxx/CVE-2012-3505.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120817 CVE request: tinyproxy", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/17/3" - }, - { - "name" : "[oss-security] 20120818 Re: CVE request: tinyproxy", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/18/1" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281", - "refsource" : "MISC", - "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281" - }, - { - "name" : "https://banu.com/bugzilla/show_bug.cgi?id=110", - "refsource" : "MISC", - "url" : "https://banu.com/bugzilla/show_bug.cgi?id=110" - }, - { - "name" : "https://banu.com/bugzilla/show_bug.cgi?id=110#c2", - "refsource" : "CONFIRM", - "url" : "https://banu.com/bugzilla/show_bug.cgi?id=110#c2" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985" - }, - { - "name" : "DSA-2564", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2564" - }, - { - "name" : "1027412", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027412" - }, - { - "name" : "50278", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50278" - }, - { - "name" : "51074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via (1) a large number of headers or (2) a large number of forged headers that trigger hash collisions predictably. bucket." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://banu.com/bugzilla/show_bug.cgi?id=110", + "refsource": "MISC", + "url": "https://banu.com/bugzilla/show_bug.cgi?id=110" + }, + { + "name": "[oss-security] 20120817 CVE request: tinyproxy", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/17/3" + }, + { + "name": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2", + "refsource": "CONFIRM", + "url": "https://banu.com/bugzilla/show_bug.cgi?id=110#c2" + }, + { + "name": "1027412", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027412" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985" + }, + { + "name": "[oss-security] 20120818 Re: CVE request: tinyproxy", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/18/1" + }, + { + "name": "51074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51074" + }, + { + "name": "DSA-2564", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2564" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281", + "refsource": "MISC", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685281" + }, + { + "name": "50278", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50278" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4246.json b/2012/4xxx/CVE-2012-4246.json index 7e4cd59cd5e..26d693d3c04 100644 --- a/2012/4xxx/CVE-2012-4246.json +++ b/2012/4xxx/CVE-2012-4246.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4246", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4246", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.httpcs.com/advisories", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisories" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs23", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs23" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs24", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs24" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs25", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs25" - }, - { - "name" : "https://www.httpcs.com/advisory/httpcs26", - "refsource" : "MISC", - "url" : "https://www.httpcs.com/advisory/httpcs26" - }, - { - "name" : "http://www.phplist.com/?lid=579", - "refsource" : "CONFIRM", - "url" : "http://www.phplist.com/?lid=579" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the (2) footer, (3) status, or (4) testtarget parameter in the send page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.httpcs.com/advisory/httpcs25", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs25" + }, + { + "name": "http://www.phplist.com/?lid=579", + "refsource": "CONFIRM", + "url": "http://www.phplist.com/?lid=579" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs24", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs24" + }, + { + "name": "https://www.httpcs.com/advisories", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisories" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs23", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs23" + }, + { + "name": "https://www.httpcs.com/advisory/httpcs26", + "refsource": "MISC", + "url": "https://www.httpcs.com/advisory/httpcs26" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4845.json b/2012/4xxx/CVE-2012-4845.json index 858ae7e6314..03c8c81d0f8 100644 --- a/2012/4xxx/CVE-2012-4845.json +++ b/2012/4xxx/CVE-2012-4845.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4845", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4845", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc", - "refsource" : "CONFIRM", - "url" : "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc" - }, - { - "name" : "IV23331", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV23331" - }, - { - "name" : "IV28715", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV28715" - }, - { - "name" : "IV28785", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV28785" - }, - { - "name" : "IV28787", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV28787" - }, - { - "name" : "56134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56134" - }, - { - "name" : "oval:org.mitre.oval:def:19695", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19695" - }, - { - "name" : "aix-ftp-setuid(79279)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79279" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IV28715", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28715" + }, + { + "name": "IV23331", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV23331" + }, + { + "name": "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc", + "refsource": "CONFIRM", + "url": "http://aix.software.ibm.com/aix/efixes/security/ftp_advisory1.asc" + }, + { + "name": "oval:org.mitre.oval:def:19695", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19695" + }, + { + "name": "IV28785", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28785" + }, + { + "name": "IV28787", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=isg1IV28787" + }, + { + "name": "56134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56134" + }, + { + "name": "aix-ftp-setuid(79279)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79279" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6452.json b/2012/6xxx/CVE-2012-6452.json index bdd9c214977..0c81b946c22 100644 --- a/2012/6xxx/CVE-2012-6452.json +++ b/2012/6xxx/CVE-2012-6452.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6452", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6452", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html" - }, - { - "name" : "57457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57457" - }, - { - "name" : "axway-secure-info-disc(81388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130117 CVE-2012-6452 Axway Secure Messenger Username Disclosure", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0076.html" + }, + { + "name": "57457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57457" + }, + { + "name": "axway-secure-info-disc(81388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81388" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6485.json b/2012/6xxx/CVE-2012-6485.json index 7731c25f8ce..b119d90f28f 100644 --- a/2012/6xxx/CVE-2012-6485.json +++ b/2012/6xxx/CVE-2012-6485.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6485", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6485", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6618.json b/2012/6xxx/CVE-2012-6618.json index c201b8ce861..4ee5739b9a3 100644 --- a/2012/6xxx/CVE-2012-6618.json +++ b/2012/6xxx/CVE-2012-6618.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6618", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient \"frames to estimate rate.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6618", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[ffmpeg-user] 20121204 Re: Unable to analyze/transcode mp3", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb" - }, - { - "name" : "http://www.ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.ffmpeg.org/security.html" - }, - { - "name" : "https://trac.ffmpeg.org/ticket/1991", - "refsource" : "CONFIRM", - "url" : "https://trac.ffmpeg.org/ticket/1991" - }, - { - "name" : "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11", - "refsource" : "CONFIRM", - "url" : "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11" - }, - { - "name" : "51964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51964" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The av_probe_input_buffer function in libavformat/utils.c in FFmpeg before 1.0.2, when running with certain -probesize values, allows remote attackers to cause a denial of service (crash) via a crafted MP3 file, possibly related to frame size or lack of sufficient \"frames to estimate rate.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[ffmpeg-user] 20121204 Re: Unable to analyze/transcode mp3", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.video.ffmpeg.user/42233" + }, + { + "name": "https://trac.ffmpeg.org/ticket/1991", + "refsource": "CONFIRM", + "url": "https://trac.ffmpeg.org/ticket/1991" + }, + { + "name": "http://www.ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://www.ffmpeg.org/security.html" + }, + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb" + }, + { + "name": "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11", + "refsource": "CONFIRM", + "url": "http://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v9.11" + }, + { + "name": "51964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51964" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2058.json b/2017/2xxx/CVE-2017-2058.json index f1cbaee2bf4..9ae2be7bce0 100644 --- a/2017/2xxx/CVE-2017-2058.json +++ b/2017/2xxx/CVE-2017-2058.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2058", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2058", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2735.json b/2017/2xxx/CVE-2017-2735.json index 5b9c987a851..de95419254b 100644 --- a/2017/2xxx/CVE-2017-2735.json +++ b/2017/2xxx/CVE-2017-2735.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TIT-AL00", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier before TIT-AL00C583B214" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Exposed System Interface" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TIT-AL00", + "version": { + "version_data": [ + { + "version_value": "Versions earlier before TIT-AL00C583B214" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-smartphone-en" - }, - { - "name" : "97224", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97224" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TIT-AL00 smartphones with software versions earlier before TIT-AL00C583B214 have a exposed system interface vulnerability. The software provides a system interface for interaction with external applications, but calling the interface is not properly restricted. An attacker could trick the user into installing a malicious application to call the interface and modify the system properties." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Exposed System Interface" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-smartphone-en" + }, + { + "name": "97224", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97224" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2844.json b/2017/2xxx/CVE-2017-2844.json index c7988b2e377..3652397e7d5 100644 --- a/2017/2xxx/CVE-2017-2844.json +++ b/2017/2xxx/CVE-2017-2844.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-06-19T00:00:00", - "ID" : "CVE-2017-2844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-06-19T00:00:00", + "ID": "CVE-2017-2844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346", - "refsource" : "MISC", - "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346" - }, - { - "name" : "99184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99184" + }, + { + "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346", + "refsource": "MISC", + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0346" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2874.json b/2017/2xxx/CVE-2017-2874.json index 12dbe608b14..0846e1f04f2 100644 --- a/2017/2xxx/CVE-2017-2874.json +++ b/2017/2xxx/CVE-2017-2874.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-2874", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foscam Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Exposure" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-2874", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foscam Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0381", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Exposure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0381", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0381" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6262.json b/2017/6xxx/CVE-2017-6262.json index e4d848f4f89..74f2187126c 100644 --- a/2017/6xxx/CVE-2017-6262.json +++ b/2017/6xxx/CVE-2017-6262.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2017-12-04T00:00:00", - "ID" : "CVE-2017-6262", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2017-12-04T00:00:00", + "ID": "CVE-2017-6262", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-12-01" - }, - { - "name" : "102106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/102106" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID: A-38045794. References: N-CVE-2017-6262." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "102106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/102106" + }, + { + "name": "https://source.android.com/security/bulletin/2017-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-12-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6332.json b/2017/6xxx/CVE-2017-6332.json index b78106f5ee0..c834ddafb9b 100644 --- a/2017/6xxx/CVE-2017-6332.json +++ b/2017/6xxx/CVE-2017-6332.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6332", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6332", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6359.json b/2017/6xxx/CVE-2017-6359.json index 49ddc4cbaa9..f94d9ef4054 100644 --- a/2017/6xxx/CVE-2017-6359.json +++ b/2017/6xxx/CVE-2017-6359.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41842", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41842/" - }, - { - "name" : "https://www.qnap.com/en-us/releasenotes/", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/en-us/releasenotes/" - }, - { - "name" : "https://www.qnap.com/en/support/con_show.php?cid=113", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/en/support/con_show.php?cid=113" - }, - { - "name" : "97059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97059" - }, - { - "name" : "97072", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97072" - }, - { - "name" : "1038091", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038091" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97072", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97072" + }, + { + "name": "https://www.qnap.com/en/support/con_show.php?cid=113", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/en/support/con_show.php?cid=113" + }, + { + "name": "41842", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41842/" + }, + { + "name": "1038091", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038091" + }, + { + "name": "https://www.qnap.com/en-us/releasenotes/", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/en-us/releasenotes/" + }, + { + "name": "97059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97059" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6439.json b/2017/6xxx/CVE-2017-6439.json index 78bb61b01a2..4a0002ecfe2 100644 --- a/2017/6xxx/CVE-2017-6439.json +++ b/2017/6xxx/CVE-2017-6439.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libimobiledevice/libplist/issues/95", - "refsource" : "MISC", - "url" : "https://github.com/libimobiledevice/libplist/issues/95" - }, - { - "name" : "https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd", - "refsource" : "CONFIRM", - "url" : "https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd" - }, - { - "name" : "97278", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) via a crafted plist file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97278", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97278" + }, + { + "name": "https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd", + "refsource": "CONFIRM", + "url": "https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd" + }, + { + "name": "https://github.com/libimobiledevice/libplist/issues/95", + "refsource": "MISC", + "url": "https://github.com/libimobiledevice/libplist/issues/95" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6526.json b/2017/6xxx/CVE-2017-6526.json index f059e61e67f..80b67037f5d 100644 --- a/2017/6xxx/CVE-2017-6526.json +++ b/2017/6xxx/CVE-2017-6526.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6526", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6526", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41578", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41578/" - }, - { - "name" : "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/", - "refsource" : "MISC", - "url" : "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/" - }, - { - "name" : "96823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96823" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96823" + }, + { + "name": "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/", + "refsource": "MISC", + "url": "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/" + }, + { + "name": "41578", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41578/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6564.json b/2017/6xxx/CVE-2017-6564.json index 63b62352778..e6aeb73964e 100644 --- a/2017/6xxx/CVE-2017-6564.json +++ b/2017/6xxx/CVE-2017-6564.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems", - "refsource" : "MISC", - "url" : "http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems" - }, - { - "name" : "https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2", - "refsource" : "MISC", - "url" : "https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as databases which contain information that can aid in further attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems", + "refsource": "MISC", + "url": "http://www.u235.io/single-post/2017/05/01/Penetrating-Fuel-Management-Systems" + }, + { + "name": "https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2", + "refsource": "MISC", + "url": "https://gist.github.com/Stick-U235/b187931f828e92866d09b9bdeb956ca2" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7060.json b/2017/7xxx/CVE-2017-7060.json index 44ea11ce37a..e1206f19db6 100644 --- a/2017/7xxx/CVE-2017-7060.json +++ b/2017/7xxx/CVE-2017-7060.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7060", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the \"Safari Printing\" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7060", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207921", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207921" - }, - { - "name" : "https://support.apple.com/HT207923", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207923" - }, - { - "name" : "99887", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99887" - }, - { - "name" : "1038950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. The issue involves the \"Safari Printing\" component. It allows remote attackers to cause a denial of service (excessive print dialogs) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207921", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207921" + }, + { + "name": "https://support.apple.com/HT207923", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207923" + }, + { + "name": "99887", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99887" + }, + { + "name": "1038950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038950" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7408.json b/2017/7xxx/CVE-2017-7408.json index a4c7ed78637..b7433a47ae5 100644 --- a/2017/7xxx/CVE-2017-7408.json +++ b/2017/7xxx/CVE-2017-7408.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/77", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/77" - }, - { - "name" : "https://www.paloaltonetworks.com/documentation/34/endpoint/traps-release-notes/traps-3-4-4-addressed-issues.html", - "refsource" : "CONFIRM", - "url" : "https://www.paloaltonetworks.com/documentation/34/endpoint/traps-release-notes/traps-3-4-4-addressed-issues.html" - }, - { - "name" : "97533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97533" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to cause a denial of service by leveraging improper validation of requests to revoke a Traps agent license." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.paloaltonetworks.com/documentation/34/endpoint/traps-release-notes/traps-3-4-4-addressed-issues.html", + "refsource": "CONFIRM", + "url": "https://www.paloaltonetworks.com/documentation/34/endpoint/traps-release-notes/traps-3-4-4-addressed-issues.html" + }, + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/77", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/77" + }, + { + "name": "97533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97533" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7638.json b/2017/7xxx/CVE-2017-7638.json index 94410da9c7f..270c96b0851 100644 --- a/2017/7xxx/CVE-2017-7638.json +++ b/2017/7xxx/CVE-2017-7638.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@qnapsecurity.com.tw", - "DATE_PUBLIC" : "2018-03-08T00:00:00", - "ID" : "CVE-2017-7638", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "QNAP Media Streaming Add-On", - "version" : { - "version_data" : [ - { - "version_value" : "421.1.0.2, 430.1.2.0, and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "QNAP" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Incorrect Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@qnap.com", + "DATE_PUBLIC": "2018-03-08T00:00:00", + "ID": "CVE-2017-7638", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "QNAP Media Streaming Add-On", + "version": { + "version_data": [ + { + "version_value": "421.1.0.2, 430.1.2.0, and earlier" + } + ] + } + } + ] + }, + "vendor_name": "QNAP" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08", - "refsource" : "CONFIRM", - "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "QNAP NAS application Media Streaming add-on version 421.1.0.2, 430.1.2.0, and earlier does not authenticate requests properly. Successful exploitation could lead to change of the Media Streaming settings, and leakage of sensitive information of the QNAP NAS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Incorrect Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08", + "refsource": "CONFIRM", + "url": "https://www.qnap.com/zh-tw/security-advisory/nas-201803-08" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7891.json b/2017/7xxx/CVE-2017-7891.json index c691b3f3b4f..e034853e6c7 100644 --- a/2017/7xxx/CVE-2017-7891.json +++ b/2017/7xxx/CVE-2017-7891.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/sbpp/sourcebans-pp/issues/253", - "refsource" : "MISC", - "url" : "https://github.com/sbpp/sourcebans-pp/issues/253" - }, - { - "name" : "97710", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97710" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97710", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97710" + }, + { + "name": "https://github.com/sbpp/sourcebans-pp/issues/253", + "refsource": "MISC", + "url": "https://github.com/sbpp/sourcebans-pp/issues/253" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10943.json b/2018/10xxx/CVE-2018-10943.json index 3909de93999..c9c4ef93745 100644 --- a/2018/10xxx/CVE-2018-10943.json +++ b/2018/10xxx/CVE-2018-10943.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10943", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10943", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003", - "refsource" : "CONFIRM", - "url" : "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003" - }, - { - "name" : "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003", - "refsource" : "CONFIRM", - "url" : "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered on Barco ClickShare CSE-200 and CS-100 Base Units with firmware before 1.6.0.3. Sending an arbitrary unexpected string to TCP port 7100 respecting a certain frequency timing disconnects all clients and results in a crash of the Unit." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003", + "refsource": "CONFIRM", + "url": "https://www.barco.com/en/support/software/R33050070?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003" + }, + { + "name": "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003", + "refsource": "CONFIRM", + "url": "https://www.barco.com/en/support/software/R33050069?majorVersion=01&minorVersion=06&patchVersion=00&buildVersion=003" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14107.json b/2018/14xxx/CVE-2018-14107.json index db1e116df49..ee772c007dd 100644 --- a/2018/14xxx/CVE-2018-14107.json +++ b/2018/14xxx/CVE-2018-14107.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14107", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14107", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14140.json b/2018/14xxx/CVE-2018-14140.json index 6f7c8fb2ff0..f73dcef1c82 100644 --- a/2018/14xxx/CVE-2018-14140.json +++ b/2018/14xxx/CVE-2018-14140.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14140", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14140", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14186.json b/2018/14xxx/CVE-2018-14186.json index 13adac6a9bc..3a545034660 100644 --- a/2018/14xxx/CVE-2018-14186.json +++ b/2018/14xxx/CVE-2018-14186.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14186", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14186", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14410.json b/2018/14xxx/CVE-2018-14410.json index 2f47f6e6160..458ec0159bb 100644 --- a/2018/14xxx/CVE-2018-14410.json +++ b/2018/14xxx/CVE-2018-14410.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14410", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14410", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14728.json b/2018/14xxx/CVE-2018-14728.json index f191cd2f590..cc53d002b32 100644 --- a/2018/14xxx/CVE-2018-14728.json +++ b/2018/14xxx/CVE-2018-14728.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14728", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14728", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45103", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45103/" - }, - { - "name" : "http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45103", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45103/" + }, + { + "name": "http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15358.json b/2018/15xxx/CVE-2018-15358.json index 67e420cbd03..e1aa6913307 100644 --- a/2018/15xxx/CVE-2018-15358.json +++ b/2018/15xxx/CVE-2018-15358.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vulnerability@kaspersky.com", - "ID" : "CVE-2018-15358", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Eltex ESP-200", - "version" : { - "version_data" : [ - { - "version_value" : "1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Kaspersky Lab" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface" - } + "CVE_data_meta": { + "ASSIGNER": "vulnerability@kaspersky.com", + "ID": "CVE-2018-15358", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Eltex ESP-200", + "version": { + "version_data": [ + { + "version_value": "1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Kaspersky Lab" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/", - "refsource" : "MISC", - "url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/", + "refsource": "MISC", + "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15831.json b/2018/15xxx/CVE-2018-15831.json index d5b5a2de563..8e37dae890a 100644 --- a/2018/15xxx/CVE-2018-15831.json +++ b/2018/15xxx/CVE-2018-15831.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15831", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15831", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15887.json b/2018/15xxx/CVE-2018-15887.json index 32aa8ac3030..1eae2562474 100644 --- a/2018/15xxx/CVE-2018-15887.json +++ b/2018/15xxx/CVE-2018-15887.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15887", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15887", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fakhrizulkifli.github.io/CVE-2018-15887.html", - "refsource" : "MISC", - "url" : "https://fakhrizulkifli.github.io/CVE-2018-15887.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, such as shell metacharacters in the destIP parameter of a cmdMethod=ping request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fakhrizulkifli.github.io/CVE-2018-15887.html", + "refsource": "MISC", + "url": "https://fakhrizulkifli.github.io/CVE-2018-15887.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15945.json b/2018/15xxx/CVE-2018-15945.json index a959d21564f..4348333a46a 100644 --- a/2018/15xxx/CVE-2018-15945.json +++ b/2018/15xxx/CVE-2018-15945.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds write" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105432", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105432" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds write" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + }, + { + "name": "105432", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105432" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20174.json b/2018/20xxx/CVE-2018-20174.json index eab066e4396..d061e7aec49 100644 --- a/2018/20xxx/CVE-2018-20174.json +++ b/2018/20xxx/CVE-2018-20174.json @@ -1,67 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", - "refsource" : "MISC", - "url" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" - }, - { - "name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", - "refsource" : "CONFIRM", - "url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in the function ui_clip_handle_data() that results in an information leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "BID", + "name": "106938", + "url": "http://www.securityfocus.com/bid/106938" + }, + { + "name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", + "refsource": "MISC", + "url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" + }, + { + "refsource": "GENTOO", + "name": "GLSA-201903-06", + "url": "https://security.gentoo.org/glsa/201903-06" + }, + { + "name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", + "refsource": "CONFIRM", + "url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" + }, + { + "refsource": "DEBIAN", + "name": "DSA-4394", + "url": "https://www.debian.org/security/2019/dsa-4394" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20443.json b/2018/20xxx/CVE-2018-20443.json index e8a05670947..227356dfe8f 100644 --- a/2018/20xxx/CVE-2018-20443.json +++ b/2018/20xxx/CVE-2018-20443.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html", - "refsource" : "MISC", - "url" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Technicolor TC7200.d1I TC7200.d1IE-N23E-c7000r5712-170406-HAT devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.4413.2.2.2.1.5.4.1.14.1.3.10001 and 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.3.4.1.2.10001 SNMP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html", + "refsource": "MISC", + "url": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20473.json b/2018/20xxx/CVE-2018-20473.json index 4b019a93de6..85c782f6c3e 100644 --- a/2018/20xxx/CVE-2018-20473.json +++ b/2018/20xxx/CVE-2018-20473.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20473", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20473", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20677.json b/2018/20xxx/CVE-2018-20677.json index f7b45df2d5e..4b1d95df4c9 100644 --- a/2018/20xxx/CVE-2018-20677.json +++ b/2018/20xxx/CVE-2018-20677.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20677", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20677", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", - "refsource" : "MISC", - "url" : "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" - }, - { - "name" : "https://github.com/twbs/bootstrap/issues/27045", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/issues/27045" - }, - { - "name" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" - }, - { - "name" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" - }, - { - "name" : "https://github.com/twbs/bootstrap/pull/27047", - "refsource" : "MISC", - "url" : "https://github.com/twbs/bootstrap/pull/27047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452140906" + }, + { + "name": "https://github.com/twbs/bootstrap/issues/27045", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/issues/27045" + }, + { + "name": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/", + "refsource": "MISC", + "url": "https://blog.getbootstrap.com/2018/12/13/bootstrap-3-4-0/" + }, + { + "name": "https://github.com/twbs/bootstrap/pull/27047", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/pull/27047" + }, + { + "name": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628", + "refsource": "MISC", + "url": "https://github.com/twbs/bootstrap/issues/27915#issuecomment-452196628" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9500.json b/2018/9xxx/CVE-2018-9500.json index 2441c13d643..6d48be98798 100644 --- a/2018/9xxx/CVE-2018-9500.json +++ b/2018/9xxx/CVE-2018-9500.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9500", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9500", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9733.json b/2018/9xxx/CVE-2018-9733.json index 2c6a45e10b3..750e72ad7fb 100644 --- a/2018/9xxx/CVE-2018-9733.json +++ b/2018/9xxx/CVE-2018-9733.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9733", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9733", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9922.json b/2018/9xxx/CVE-2018-9922.json index 1ada0dd9fd4..e4ee9b9fc81 100644 --- a/2018/9xxx/CVE-2018-9922.json +++ b/2018/9xxx/CVE-2018-9922.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/idreamsoft/iCMS/issues/16", - "refsource" : "MISC", - "url" : "https://github.com/idreamsoft/iCMS/issues/16" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/idreamsoft/iCMS/issues/16", + "refsource": "MISC", + "url": "https://github.com/idreamsoft/iCMS/issues/16" + } + ] + } +} \ No newline at end of file