diff --git a/2002/0xxx/CVE-2002-0351.json b/2002/0xxx/CVE-2002-0351.json index dbceb83ee87..8898ec0cc00 100644 --- a/2002/0xxx/CVE-2002-0351.json +++ b/2002/0xxx/CVE-2002-0351.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0351", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0351", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-116", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-116" - }, - { - "name" : "cfs-bo(8330)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8330.php" - }, - { - "name" : "4219", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4219" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-116", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-116" + }, + { + "name": "4219", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4219" + }, + { + "name": "cfs-bo(8330)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8330.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0370.json b/2002/0xxx/CVE-2002-0370.json index ad41263bac9..376cef5c5ed 100644 --- a/2002/0xxx/CVE-2002-0370.json +++ b/2002/0xxx/CVE-2002-0370.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html" - }, - { - "name" : "20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103428193409223&w=2" - }, - { - "name" : "http://www.info-zip.org/FAQ.html", - "refsource" : "CONFIRM", - "url" : "http://www.info-zip.org/FAQ.html" - }, - { - "name" : "MS02-054", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054" - }, - { - "name" : "VU#383779", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/383779" - }, - { - "name" : "http://www.info.apple.com/usen/security/security_updates.html", - "refsource" : "CONFIRM", - "url" : "http://www.info.apple.com/usen/security/security_updates.html" - }, - { - "name" : "587", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/587" - }, - { - "name" : "win-zip-decompression-bo(10251)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10251.php" - }, - { - "name" : "5873", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5873" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.info.apple.com/usen/security/security_updates.html", + "refsource": "CONFIRM", + "url": "http://www.info.apple.com/usen/security/security_updates.html" + }, + { + "name": "http://www.info-zip.org/FAQ.html", + "refsource": "CONFIRM", + "url": "http://www.info-zip.org/FAQ.html" + }, + { + "name": "win-zip-decompression-bo(10251)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10251.php" + }, + { + "name": "20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html" + }, + { + "name": "587", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/587" + }, + { + "name": "20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103428193409223&w=2" + }, + { + "name": "VU#383779", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/383779" + }, + { + "name": "MS02-054", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054" + }, + { + "name": "5873", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5873" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0390.json b/2002/0xxx/CVE-2002-0390.json index 82386bcdfca..cde608076ef 100644 --- a/2002/0xxx/CVE-2002-0390.json +++ b/2002/0xxx/CVE-2002-0390.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0415.json b/2002/0xxx/CVE-2002-0415.json index 1ae9fbdd509..ea2b0805ecb 100644 --- a/2002/0xxx/CVE-2002-0415.json +++ b/2002/0xxx/CVE-2002-0415.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020302 RealPlayer bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/259333" - }, - { - "name" : "4221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4221" - }, - { - "name" : "realplayer-http-directory-traversal(8336)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8336.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4221" + }, + { + "name": "20020302 RealPlayer bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/259333" + }, + { + "name": "realplayer-http-directory-traversal(8336)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8336.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0661.json b/2002/0xxx/CVE-2002-0661.json index 18628d78641..6d0d8c95b6d 100644 --- a/2002/0xxx/CVE-2002-0661.json +++ b/2002/0xxx/CVE-2002-0661.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \\ (backslash) characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020809 Apache 2.0 vulnerability affects non-Unix platforms", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102892744011436&w=2" - }, - { - "name" : "20020816 Apache 2.0.39 directory traversal and path disclosure bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102951160411052&w=2" - }, - { - "name" : "http://httpd.apache.org/info/security_bulletin_20020908a.txt", - "refsource" : "CONFIRM", - "url" : "http://httpd.apache.org/info/security_bulletin_20020908a.txt" - }, - { - "name" : "5434", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5434" - }, - { - "name" : "apache-access-data(9808)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9808.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \\ (backslash) characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020809 Apache 2.0 vulnerability affects non-Unix platforms", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102892744011436&w=2" + }, + { + "name": "5434", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5434" + }, + { + "name": "apache-access-data(9808)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9808.php" + }, + { + "name": "http://httpd.apache.org/info/security_bulletin_20020908a.txt", + "refsource": "CONFIRM", + "url": "http://httpd.apache.org/info/security_bulletin_20020908a.txt" + }, + { + "name": "20020816 Apache 2.0.39 directory traversal and path disclosure bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102951160411052&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2018.json b/2002/2xxx/CVE-2002-2018.json index d7422920d2a..c6ad3aab981 100644 --- a/2002/2xxx/CVE-2002-2018.json +++ b/2002/2xxx/CVE-2002-2018.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2018", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2018", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020130 sastcpd 8.0 'authprog' local root vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/253183" - }, - { - "name" : "http://www.sas.com/service/techsup/unotes/SN/004/004201.html", - "refsource" : "MISC", - "url" : "http://www.sas.com/service/techsup/unotes/SN/004/004201.html" - }, - { - "name" : "3995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3995" - }, - { - "name" : "1003406", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1003406" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sas.com/service/techsup/unotes/SN/004/004201.html", + "refsource": "MISC", + "url": "http://www.sas.com/service/techsup/unotes/SN/004/004201.html" + }, + { + "name": "3995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3995" + }, + { + "name": "20020130 sastcpd 8.0 'authprog' local root vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/253183" + }, + { + "name": "1003406", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1003406" + } + ] + } +} \ No newline at end of file diff --git a/2005/0xxx/CVE-2005-0473.json b/2005/0xxx/CVE-2005-0473.json index 2952658befa..26f1bc8d3f6 100644 --- a/2005/0xxx/CVE-2005-0473.json +++ b/2005/0xxx/CVE-2005-0473.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-0473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes \"an invalid memory access,\" a different vulnerability than CVE-2005-0208." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-0473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gaim.sourceforge.net/security/index.php?id=11", - "refsource" : "CONFIRM", - "url" : "http://gaim.sourceforge.net/security/index.php?id=11" - }, - { - "name" : "CLA-2005:933", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933" - }, - { - "name" : "FLSA:158543", - "refsource" : "FEDORA", - "url" : "http://www.securityfocus.com/archive/1/426078/100/0/threaded" - }, - { - "name" : "GLSA-200503-03", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml" - }, - { - "name" : "MDKSA-2005:049", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:049" - }, - { - "name" : "RHSA-2005:215", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-215.html" - }, - { - "name" : "20050225 [USN-85-1] Gaim vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=110935655500670&w=2" - }, - { - "name" : "SUSE-SA:2005:036", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" - }, - { - "name" : "VU#523888", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/523888" - }, - { - "name" : "12589", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/12589" - }, - { - "name" : "oval:org.mitre.oval:def:10212", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10212" - }, - { - "name" : "14322", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14322" - }, - { - "name" : "gaim-html-dos(19381)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19381" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes \"an invalid memory access,\" a different vulnerability than CVE-2005-0208." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:10212", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10212" + }, + { + "name": "FLSA:158543", + "refsource": "FEDORA", + "url": "http://www.securityfocus.com/archive/1/426078/100/0/threaded" + }, + { + "name": "VU#523888", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/523888" + }, + { + "name": "GLSA-200503-03", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml" + }, + { + "name": "gaim-html-dos(19381)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19381" + }, + { + "name": "20050225 [USN-85-1] Gaim vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=110935655500670&w=2" + }, + { + "name": "MDKSA-2005:049", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:049" + }, + { + "name": "CLA-2005:933", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933" + }, + { + "name": "http://gaim.sourceforge.net/security/index.php?id=11", + "refsource": "CONFIRM", + "url": "http://gaim.sourceforge.net/security/index.php?id=11" + }, + { + "name": "14322", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14322" + }, + { + "name": "RHSA-2005:215", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-215.html" + }, + { + "name": "12589", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/12589" + }, + { + "name": "SUSE-SA:2005:036", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1019.json b/2005/1xxx/CVE-2005-1019.json index 69e04b598c2..f2e48d77b8f 100644 --- a/2005/1xxx/CVE-2005-1019.json +++ b/2005/1xxx/CVE-2005-1019.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050404 Local buffer overflow on Aeon<=0.2a", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111262942708249&w=2" - }, - { - "name" : "http://security-tmp.h14.ru/exploits/23laeon.c.txt", - "refsource" : "MISC", - "url" : "http://security-tmp.h14.ru/exploits/23laeon.c.txt" - }, - { - "name" : "aeon-getconfig-bo(19951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://security-tmp.h14.ru/exploits/23laeon.c.txt", + "refsource": "MISC", + "url": "http://security-tmp.h14.ru/exploits/23laeon.c.txt" + }, + { + "name": "20050404 Local buffer overflow on Aeon<=0.2a", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111262942708249&w=2" + }, + { + "name": "aeon-getconfig-bo(19951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19951" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1882.json b/2005/1xxx/CVE-2005-1882.json index 837b528bdeb..57ceff1add8 100644 --- a/2005/1xxx/CVE-2005-1882.json +++ b/2005/1xxx/CVE-2005-1882.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1882", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1882", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secwatch.org/advisories/secwatch/20050530_yapig.txt", - "refsource" : "MISC", - "url" : "http://secwatch.org/advisories/secwatch/20050530_yapig.txt" - }, - { - "name" : "17117", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17117" - }, - { - "name" : "15600", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15600/" - }, - { - "name" : "1014103", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014103" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15600", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15600/" + }, + { + "name": "17117", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17117" + }, + { + "name": "http://secwatch.org/advisories/secwatch/20050530_yapig.txt", + "refsource": "MISC", + "url": "http://secwatch.org/advisories/secwatch/20050530_yapig.txt" + }, + { + "name": "1014103", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014103" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1128.json b/2009/1xxx/CVE-2009-1128.json index 65220b99848..6847cf9049a 100644 --- a/2009/1xxx/CVE-2009-1128.json +++ b/2009/1xxx/CVE-2009-1128.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1128", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka \"PP7 Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-1129." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2009-1128", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS09-017", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" - }, - { - "name" : "TA09-132A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" - }, - { - "name" : "34837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34837" - }, - { - "name" : "oval:org.mitre.oval:def:5416", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5416" - }, - { - "name" : "1022205", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022205" - }, - { - "name" : "32428", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32428" - }, - { - "name" : "ADV-2009-1290", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1290" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka \"PP7 Memory Corruption Vulnerability,\" a different vulnerability than CVE-2009-1129." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32428", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32428" + }, + { + "name": "ADV-2009-1290", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1290" + }, + { + "name": "MS09-017", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017" + }, + { + "name": "1022205", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022205" + }, + { + "name": "TA09-132A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html" + }, + { + "name": "34837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34837" + }, + { + "name": "oval:org.mitre.oval:def:5416", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5416" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1175.json b/2009/1xxx/CVE-2009-1175.json index 11842cf8ed5..b9177c140a1 100644 --- a/2009/1xxx/CVE-2009-1175.json +++ b/2009/1xxx/CVE-2009-1175.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1175", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1175", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090330 [Fwd: Cross-Site Scripting in Banshee DAAP Extension]", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/03/30/2" - }, - { - "name" : "http://bugzilla.gnome.org/show_bug.cgi?id=577270", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.gnome.org/show_bug.cgi?id=577270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in the DAAP extension in Banshee 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the server parameter, which is not properly handled in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090330 [Fwd: Cross-Site Scripting in Banshee DAAP Extension]", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/03/30/2" + }, + { + "name": "http://bugzilla.gnome.org/show_bug.cgi?id=577270", + "refsource": "CONFIRM", + "url": "http://bugzilla.gnome.org/show_bug.cgi?id=577270" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1244.json b/2009/1xxx/CVE-2009-1244.json index 93dbc8affd0..c078df25ea4 100644 --- a/2009/1xxx/CVE-2009-1244.json +++ b/2009/1xxx/CVE-2009-1244.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1244", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1244", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/502615/100/0/threaded" - }, - { - "name" : "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000055.html" - }, - { - "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0006.html", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0006.html" - }, - { - "name" : "GLSA-201209-25", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml" - }, - { - "name" : "34471", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34471" - }, - { - "name" : "53634", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/53634" - }, - { - "name" : "oval:org.mitre.oval:def:6065", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065" - }, - { - "name" : "1022031", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022031" - }, - { - "name" : "ADV-2009-0944", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0944" - }, - { - "name" : "vmware-virtualmachine-code-execution(49834)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the virtual machine display function in VMware Workstation 6.5.1 and earlier; VMware Player 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 1.x before 1.0.9 build 156507 and 2.x before 2.0.1 build 156745; VMware Fusion before 2.0.4 build 159196; VMware ESXi 3.5; and VMware ESX 3.0.2, 3.0.3, and 3.5 allows guest OS users to execute arbitrary code on the host OS via unknown vectors, a different vulnerability than CVE-2008-4916." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-25", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-25.xml" + }, + { + "name": "vmware-virtualmachine-code-execution(49834)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49834" + }, + { + "name": "34471", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34471" + }, + { + "name": "1022031", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022031" + }, + { + "name": "53634", + "refsource": "OSVDB", + "url": "http://osvdb.org/53634" + }, + { + "name": "oval:org.mitre.oval:def:6065", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6065" + }, + { + "name": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/security/advisories/VMSA-2009-0006.html" + }, + { + "name": "ADV-2009-0944", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0944" + }, + { + "name": "[security-announce] 20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2009/000055.html" + }, + { + "name": "20090410 VMSA-2009-0006 VMware Hosted products and patches for ESX and ESXi resolve a critical security vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/502615/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1279.json b/2009/1xxx/CVE-2009-1279.json index d65209d54d7..9997fecef68 100644 --- a/2009/1xxx/CVE-2009-1279.json +++ b/2009/1xxx/CVE-2009-1279.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html" - }, - { - "name" : "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html", - "refsource" : "CONFIRM", - "url" : "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html" - }, - { - "name" : "34360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34360" - }, - { - "name" : "34551", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34551" - }, - { - "name" : "admin-search-unspecified-xss(49655)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655" - }, - { - "name" : "content-categoryview-xss(49654)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when \"Gather Search Statistics\" is enabled, and (3) the category view in the com_content component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34360" + }, + { + "name": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/294-20090302-core-comcontent-xss.html" + }, + { + "name": "34551", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34551" + }, + { + "name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html", + "refsource": "CONFIRM", + "url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html" + }, + { + "name": "admin-search-unspecified-xss(49655)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49655" + }, + { + "name": "content-categoryview-xss(49654)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49654" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1379.json b/2009/1xxx/CVE-2009-1379.json index 9a6648015ba..019888f49f7 100644 --- a/2009/1xxx/CVE-2009-1379.json +++ b/2009/1xxx/CVE-2009-1379.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1379", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2009-1379", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2009/05/18/4" - }, - { - "name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", - "refsource" : "MLIST", - "url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" - }, - { - "name" : "https://launchpad.net/bugs/cve/2009-1379", - "refsource" : "MISC", - "url" : "https://launchpad.net/bugs/cve/2009-1379" - }, - { - "name" : "http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest", - "refsource" : "CONFIRM", - "url" : "http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest" - }, - { - "name" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" - }, - { - "name" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html", - "refsource" : "CONFIRM", - "url" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" - }, - { - "name" : "https://kb.bluecoat.com/index?page=content&id=SA50", - "refsource" : "CONFIRM", - "url" : "https://kb.bluecoat.com/index?page=content&id=SA50" - }, - { - "name" : "GLSA-200912-01", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200912-01.xml" - }, - { - "name" : "HPSBMA02492", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" - }, - { - "name" : "SSRT100079", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" - }, - { - "name" : "NetBSD-SA2009-009", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" - }, - { - "name" : "RHSA-2009:1335", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-1335.html" - }, - { - "name" : "SSA:2010-060-02", - "refsource" : "SLACKWARE", - "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049" - }, - { - "name" : "SUSE-SR:2009:011", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" - }, - { - "name" : "USN-792-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-792-1" - }, - { - "name" : "35138", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35138" - }, - { - "name" : "oval:org.mitre.oval:def:6848", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848" - }, - { - "name" : "oval:org.mitre.oval:def:9744", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744" - }, - { - "name" : "1022241", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1022241" - }, - { - "name" : "35416", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35416" - }, - { - "name" : "35461", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35461" - }, - { - "name" : "35571", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35571" - }, - { - "name" : "35729", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35729" - }, - { - "name" : "37003", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37003" - }, - { - "name" : "38761", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38761" - }, - { - "name" : "38794", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38794" - }, - { - "name" : "38834", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/38834" - }, - { - "name" : "42724", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42724" - }, - { - "name" : "42733", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/42733" - }, - { - "name" : "36533", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/36533" - }, - { - "name" : "ADV-2009-1377", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1377" - }, - { - "name" : "ADV-2010-0528", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/0528" - }, - { - "name" : "openssl-dtls1retrievebufferedfragment-dos(50661)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "42724", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42724" + }, + { + "name": "https://launchpad.net/bugs/cve/2009-1379", + "refsource": "MISC", + "url": "https://launchpad.net/bugs/cve/2009-1379" + }, + { + "name": "SSA:2010-060-02", + "refsource": "SLACKWARE", + "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049" + }, + { + "name": "38794", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38794" + }, + { + "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", + "refsource": "MLIST", + "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" + }, + { + "name": "ADV-2009-1377", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1377" + }, + { + "name": "35729", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35729" + }, + { + "name": "GLSA-200912-01", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" + }, + { + "name": "RHSA-2009:1335", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html" + }, + { + "name": "HPSBMA02492", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" + }, + { + "name": "38761", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38761" + }, + { + "name": "37003", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37003" + }, + { + "name": "36533", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/36533" + }, + { + "name": "1022241", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1022241" + }, + { + "name": "USN-792-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-792-1" + }, + { + "name": "SUSE-SR:2009:011", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" + }, + { + "name": "oval:org.mitre.oval:def:9744", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9744" + }, + { + "name": "openssl-dtls1retrievebufferedfragment-dos(50661)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50661" + }, + { + "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html", + "refsource": "CONFIRM", + "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" + }, + { + "name": "35138", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35138" + }, + { + "name": "[oss-security] 20090518 Re: Two OpenSSL DTLS remote DoS", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2009/05/18/4" + }, + { + "name": "NetBSD-SA2009-009", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" + }, + { + "name": "38834", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/38834" + }, + { + "name": "35461", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35461" + }, + { + "name": "35571", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35571" + }, + { + "name": "oval:org.mitre.oval:def:6848", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6848" + }, + { + "name": "35416", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35416" + }, + { + "name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" + }, + { + "name": "https://kb.bluecoat.com/index?page=content&id=SA50", + "refsource": "CONFIRM", + "url": "https://kb.bluecoat.com/index?page=content&id=SA50" + }, + { + "name": "http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest", + "refsource": "CONFIRM", + "url": "http://rt.openssl.org/Ticket/Display.html?id=1923&user=guest&pass=guest" + }, + { + "name": "SSRT100079", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" + }, + { + "name": "42733", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/42733" + }, + { + "name": "ADV-2010-0528", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/0528" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1766.json b/2009/1xxx/CVE-2009-1766.json index 8dfdda139db..f3e73f0f5fc 100644 --- a/2009/1xxx/CVE-2009-1766.json +++ b/2009/1xxx/CVE-2009-1766.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1766", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1766", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090604 SQL INJECTION VULNERABILITY--LightOpen CMS Devel 0.1-->", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504101/100/0/threaded" - }, - { - "name" : "8724", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8724" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20090604 SQL INJECTION VULNERABILITY--LightOpen CMS Devel 0.1-->", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504101/100/0/threaded" + }, + { + "name": "8724", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8724" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1937.json b/2009/1xxx/CVE-2009-1937.json index c4ef9d0968f..b9c808dc4cc 100644 --- a/2009/1xxx/CVE-2009-1937.json +++ b/2009/1xxx/CVE-2009-1937.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 \"no database\" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090603 [InterN0T] LightNEasy 2.2.2 - HTML Injection Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/504092/100/0/threaded" - }, - { - "name" : "http://forum.intern0t.net/intern0t-advisories/1081-intern0t-lightneasy-2-2-2-html-injection-vulnerability.html", - "refsource" : "MISC", - "url" : "http://forum.intern0t.net/intern0t-advisories/1081-intern0t-lightneasy-2-2-2-html-injection-vulnerability.html" - }, - { - "name" : "35229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/35229" - }, - { - "name" : "35354", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/35354" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 \"no database\" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://forum.intern0t.net/intern0t-advisories/1081-intern0t-lightneasy-2-2-2-html-injection-vulnerability.html", + "refsource": "MISC", + "url": "http://forum.intern0t.net/intern0t-advisories/1081-intern0t-lightneasy-2-2-2-html-injection-vulnerability.html" + }, + { + "name": "20090603 [InterN0T] LightNEasy 2.2.2 - HTML Injection Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/504092/100/0/threaded" + }, + { + "name": "35354", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/35354" + }, + { + "name": "35229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/35229" + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5095.json b/2009/5xxx/CVE-2009-5095.json index 23dc98422f0..b1df05346b2 100644 --- a/2009/5xxx/CVE-2009-5095.json +++ b/2009/5xxx/CVE-2009-5095.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8052", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/8052" - }, - { - "name" : "33774", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33774" - }, - { - "name" : "33927", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33927" - }, - { - "name" : "eagbook-indexinc-file-include(48759)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48759" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index_inc.php in ea gBook 0.1 and 0.1.4 allows remote attackers to execute arbitrary PHP code via a URL in the inc_ordner parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "33774", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33774" + }, + { + "name": "eagbook-indexinc-file-include(48759)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48759" + }, + { + "name": "8052", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/8052" + }, + { + "name": "33927", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33927" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0595.json b/2012/0xxx/CVE-2012-0595.json index f081ac79d46..fd36c68255f 100644 --- a/2012/0xxx/CVE-2012-0595.json +++ b/2012/0xxx/CVE-2012-0595.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79917", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79917" - }, - { - "name" : "oval:org.mitre.oval:def:17057", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17057" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120595-code-execution(73814)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "oval:org.mitre.oval:def:17057", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17057" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "79917", + "refsource": "OSVDB", + "url": "http://osvdb.org/79917" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "apple-webkit-cve20120595-code-execution(73814)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73814" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0613.json b/2012/0xxx/CVE-2012-0613.json index c5d7fef4258..b55fabb62c3 100644 --- a/2012/0xxx/CVE-2012-0613.json +++ b/2012/0xxx/CVE-2012-0613.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-03-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" - }, - { - "name" : "52365", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52365" - }, - { - "name" : "79935", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79935" - }, - { - "name" : "oval:org.mitre.oval:def:17473", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17473" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48274", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48274" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - }, - { - "name" : "48377", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48377" - }, - { - "name" : "apple-webkit-cve20120613-code-execution(73832)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73832" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apple-webkit-cve20120613-code-execution(73832)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73832" + }, + { + "name": "52365", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52365" + }, + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48377", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48377" + }, + { + "name": "oval:org.mitre.oval:def:17473", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17473" + }, + { + "name": "79935", + "refsource": "OSVDB", + "url": "http://osvdb.org/79935" + }, + { + "name": "APPLE-SA-2012-03-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" + }, + { + "name": "48274", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48274" + }, + { + "name": "APPLE-SA-2012-03-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2250.json b/2012/2xxx/CVE-2012-2250.json index 73fbbdf862b..d598315e4ba 100644 --- a/2012/2xxx/CVE-2012-2250.json +++ b/2012/2xxx/CVE-2012-2250.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@debian.org", + "ID": "CVE-2012-2250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=ChangeLog" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Tor before 0.2.3.24-rc allows remote attackers to cause a denial of service (assertion failure and daemon exit) by performing link protocol negotiation incorrectly." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=ChangeLog", + "refsource": "CONFIRM", + "url": "https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2517.json b/2012/2xxx/CVE-2012-2517.json index c9e7d7e6b7d..1f2ccf64445 100644 --- a/2012/2xxx/CVE-2012-2517.json +++ b/2012/2xxx/CVE-2012-2517.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2517", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-2517", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2850.json b/2012/2xxx/CVE-2012-2850.json index e7550c969ad..a4a80ee7577 100644 --- a/2012/2xxx/CVE-2012-2850.json +++ b/2012/2xxx/CVE-2012-2850.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2850", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-2850", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=130251", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=130251" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=130592", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=130592" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=130611", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=130611" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=131068", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=131068" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=131237", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=131237" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=131252", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=131252" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=131621", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=131621" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=131690", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=131690" - }, - { - "name" : "http://code.google.com/p/chromium/issues/detail?id=132860", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/chromium/issues/detail?id=132860" - }, - { - "name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" - }, - { - "name" : "oval:org.mitre.oval:def:15630", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15630" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to have an unknown impact via a crafted document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://code.google.com/p/chromium/issues/detail?id=132860", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=132860" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=131621", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=131621" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=130611", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=130611" + }, + { + "name": "oval:org.mitre.oval:def:15630", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15630" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=130592", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=130592" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=130251", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=130251" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=131690", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=131690" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=131252", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=131252" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=131068", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=131068" + }, + { + "name": "http://code.google.com/p/chromium/issues/detail?id=131237", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/chromium/issues/detail?id=131237" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3778.json b/2012/3xxx/CVE-2012-3778.json index 345a50b0b7d..cc928375c71 100644 --- a/2012/3xxx/CVE-2012-3778.json +++ b/2012/3xxx/CVE-2012-3778.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3778", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3778", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3891.json b/2012/3xxx/CVE-2012-3891.json index c1e5b2c69a0..563f1d75069 100644 --- a/2012/3xxx/CVE-2012-3891.json +++ b/2012/3xxx/CVE-2012-3891.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3891", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3891", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3924.json b/2012/3xxx/CVE-2012-3924.json index 2c7c39abd2e..c658dffaf42 100644 --- a/2012/3xxx/CVE-2012-3924.json +++ b/2012/3xxx/CVE-2012-3924.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3924", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3924", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html" - }, - { - "name" : "ciscoios-sslvpn-dtls-enabled-dos(78672)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78672" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCty97961." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html" + }, + { + "name": "ciscoios-sslvpn-dtls-enabled-dos(78672)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78672" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4657.json b/2012/4xxx/CVE-2012-4657.json index e6b5d7d6177..9fd94365053 100644 --- a/2012/4xxx/CVE-2012-4657.json +++ b/2012/4xxx/CVE-2012-4657.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4657", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4657", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4755.json b/2012/4xxx/CVE-2012-4755.json index 96f72f1943e..2633c22ba7e 100644 --- a/2012/4xxx/CVE-2012-4755.json +++ b/2012/4xxx/CVE-2012-4755.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4755", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4755", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php", - "refsource" : "MISC", - "url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php" - }, - { - "name" : "http://www.scitools.com/support/buildLogs/understand26_build_log.html", - "refsource" : "CONFIRM", - "url" : "http://www.scitools.com/support/buildLogs/understand26_build_log.html" - }, - { - "name" : "47921", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47921" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in SciTools Understand before 2.6 build 600 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .udb file. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47921", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47921" + }, + { + "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php", + "refsource": "MISC", + "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5071.php" + }, + { + "name": "http://www.scitools.com/support/buildLogs/understand26_build_log.html", + "refsource": "CONFIRM", + "url": "http://www.scitools.com/support/buildLogs/understand26_build_log.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4892.json b/2012/4xxx/CVE-2012-4892.json index 35e6ed9ee80..f714c35e170 100644 --- a/2012/4xxx/CVE-2012-4892.json +++ b/2012/4xxx/CVE-2012-4892.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4892", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4892", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "80877", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/80877" - }, - { - "name" : "48656", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48656" - }, - { - "name" : "flatnux-index-xss(74566)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74566" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flatnux-index-xss(74566)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74566" + }, + { + "name": "80877", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/80877" + }, + { + "name": "48656", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48656" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4908.json b/2012/4xxx/CVE-2012-4908.json index ec5e8c53fe5..246248ed397 100644 --- a/2012/4xxx/CVE-2012-4908.json +++ b/2012/4xxx/CVE-2012-4908.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4908", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4908", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=144866", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=144866" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.google.com/p/chromium/issues/detail?id=144866", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=144866" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6684.json b/2012/6xxx/CVE-2012-6684.json index c573ec3d801..d05711c0858 100644 --- a/2012/6xxx/CVE-2012-6684.json +++ b/2012/6xxx/CVE-2012-6684.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6684", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6684", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20141211 RedCloth contains unfixed XSS vulnerability for 9 years", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2014/Dec/50" - }, - { - "name" : "http://co3k.org/blog/redcloth-unfixed-xss-en", - "refsource" : "MISC", - "url" : "http://co3k.org/blog/redcloth-unfixed-xss-en" - }, - { - "name" : "http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss", - "refsource" : "MISC", - "url" : "http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss" - }, - { - "name" : "https://gist.github.com/co3k/75b3cb416c342aa1414c", - "refsource" : "MISC", - "url" : "https://gist.github.com/co3k/75b3cb416c342aa1414c" - }, - { - "name" : "DSA-3168", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2015/dsa-3168" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://co3k.org/blog/redcloth-unfixed-xss-en", + "refsource": "MISC", + "url": "http://co3k.org/blog/redcloth-unfixed-xss-en" + }, + { + "name": "http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss", + "refsource": "MISC", + "url": "http://jgarber.lighthouseapp.com/projects/13054-redcloth/tickets/243-xss" + }, + { + "name": "20141211 RedCloth contains unfixed XSS vulnerability for 9 years", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2014/Dec/50" + }, + { + "name": "https://gist.github.com/co3k/75b3cb416c342aa1414c", + "refsource": "MISC", + "url": "https://gist.github.com/co3k/75b3cb416c342aa1414c" + }, + { + "name": "DSA-3168", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2015/dsa-3168" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2286.json b/2017/2xxx/CVE-2017-2286.json index ffc9df84105..97b583f8152 100644 --- a/2017/2xxx/CVE-2017-2286.json +++ b/2017/2xxx/CVE-2017-2286.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2286", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "NFC Port Software (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S)", - "version" : { - "version_data" : [ - { - "version_value" : "Version 5.5.0.6 and earlier" - } - ] - } - }, - { - "product_name" : "NFC Port Software (for RC-S320, RC-S310/J1C, RC-S310/ED4C)", - "version" : { - "version_data" : [ - { - "version_value" : "Version 5.3.6.7 and earlier" - } - ] - } - }, - { - "product_name" : "PC/SC Activator for Type B", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.1.2.1.0 and earlier" - } - ] - } - }, - { - "product_name" : "SFCard Viewer 2", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.2.5.0.0 and earlier" - } - ] - } - }, - { - "product_name" : "NFC Net Installer", - "version" : { - "version_data" : [ - { - "version_value" : "Ver.1.1.0.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Sony Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2286", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "NFC Port Software (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S)", + "version": { + "version_data": [ + { + "version_value": "Version 5.5.0.6 and earlier" + } + ] + } + }, + { + "product_name": "NFC Port Software (for RC-S320, RC-S310/J1C, RC-S310/ED4C)", + "version": { + "version_data": [ + { + "version_value": "Version 5.3.6.7 and earlier" + } + ] + } + }, + { + "product_name": "PC/SC Activator for Type B", + "version": { + "version_data": [ + { + "version_value": "Ver.1.2.1.0 and earlier" + } + ] + } + }, + { + "product_name": "SFCard Viewer 2", + "version": { + "version_data": [ + { + "version_value": "Ver.2.5.0.0 and earlier" + } + ] + } + }, + { + "product_name": "NFC Net Installer", + "version": { + "version_data": [ + { + "version_value": "Ver.1.1.0.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Sony Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#16136413", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN16136413/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#16136413", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN16136413/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2498.json b/2017/2xxx/CVE-2017-2498.json index 9fc671a1bc5..532418425a4 100644 --- a/2017/2xxx/CVE-2017-2498.json +++ b/2017/2xxx/CVE-2017-2498.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the \"Security\" component. It allows attackers to bypass intended access restrictions via an untrusted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "98479", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98479" - }, - { - "name" : "1038485", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the \"Security\" component. It allows attackers to bypass intended access restrictions via an untrusted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98479", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98479" + }, + { + "name": "1038485", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038485" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6021.json b/2017/6xxx/CVE-2017-6021.json index 59248e79e64..72fe64b23b9 100644 --- a/2017/6xxx/CVE-2017-6021.json +++ b/2017/6xxx/CVE-2017-6021.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2017-03-09T00:00:00", - "ID" : "CVE-2017-6021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ClearSCADA", - "version" : { - "version_data" : [ - { - "version_value" : "2014 R1 (build 75.5210) and prior" - }, - { - "version_value" : "2014 R1.1 (build 75.5387) and prior" - }, - { - "version_value" : "2015 R1 (build 76.5648) and prior" - }, - { - "version_value" : "2015 R2 (build 77.5882) and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Schneider Electric SE" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER INPUT VALIDATION CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2017-03-09T00:00:00", + "ID": "CVE-2017-6021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ClearSCADA", + "version": { + "version_data": [ + { + "version_value": "2014 R1 (build 75.5210) and prior" + }, + { + "version_value": "2014 R1.1 (build 75.5387) and prior" + }, + { + "version_value": "2015 R1 (build 76.5648) and prior" + }, + { + "version_value": "2015 R2 (build 77.5882) and prior" + } + ] + } + } + ] + }, + "vendor_name": "Schneider Electric SE" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01" - }, - { - "name" : "96768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96768" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, 2014 R1.1 (build 75.5387) and prior, 2015 R1 (build 76.5648) and prior, and 2015 R2 (build 77.5882) and prior, an attacker with network access to the ClearSCADA server can send specially crafted sequences of commands and data packets to the ClearSCADA server that can cause the ClearSCADA server process and ClearSCADA communications driver processes to terminate. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER INPUT VALIDATION CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96768" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-068-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6478.json b/2017/6xxx/CVE-2017-6478.json index 148c272d61b..61275dcfdb3 100644 --- a/2017/6xxx/CVE-2017-6478.json +++ b/2017/6xxx/CVE-2017-6478.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15", - "refsource" : "CONFIRM", - "url" : "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15" - }, - { - "name" : "https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8", - "refsource" : "CONFIRM", - "url" : "https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8" - }, - { - "name" : "96584", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96584" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96584", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96584" + }, + { + "name": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15", + "refsource": "CONFIRM", + "url": "https://github.com/paintballrefjosh/MaNGOSWebV4/issues/15" + }, + { + "name": "https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8", + "refsource": "CONFIRM", + "url": "https://github.com/paintballrefjosh/MaNGOSWebV4/releases/tag/4.0.8" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6644.json b/2017/6xxx/CVE-2017-6644.json index 4af215309ed..01e289b6dbe 100644 --- a/2017/6xxx/CVE-2017-6644.json +++ b/2017/6xxx/CVE-2017-6644.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6644", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Remote Expert Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Remote Expert Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-200" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6644", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Remote Expert Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Remote Expert Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4" - }, - { - "name" : "98539", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98539" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52860." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-200" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98539", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98539" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem4" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6761.json b/2017/6xxx/CVE-2017-6761.json index a2d2fd140ef..1e7338808c6 100644 --- a/2017/6xxx/CVE-2017-6761.json +++ b/2017/6xxx/CVE-2017-6761.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6761", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Finesse", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Finesse" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd96744." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79 Reflected Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6761", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Finesse", + "version": { + "version_data": [ + { + "version_value": "Cisco Finesse" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd96744", - "refsource" : "CONFIRM", - "url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd96744" - }, - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cf", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cf" - }, - { - "name" : "100110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100110" - }, - { - "name" : "1039059", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Finesse 10.6(1) and 11.5(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd96744." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79 Reflected Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd96744", + "refsource": "CONFIRM", + "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvd96744" + }, + { + "name": "100110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100110" + }, + { + "name": "1039059", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039059" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cf", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-cf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11034.json b/2018/11xxx/CVE-2018-11034.json index 4b707f5aa88..d8038695a06 100644 --- a/2018/11xxx/CVE-2018-11034.json +++ b/2018/11xxx/CVE-2018-11034.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44619", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44619/" - }, - { - "name" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x8000200D", - "refsource" : "MISC", - "url" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x8000200D" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 version) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCTL 0x8000200D." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x8000200D", + "refsource": "MISC", + "url": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NsProtect.sys-x64-0x8000200D" + }, + { + "name": "44619", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44619/" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11460.json b/2018/11xxx/CVE-2018-11460.json index 97a490149e2..5f566a7fa3e 100644 --- a/2018/11xxx/CVE-2018-11460.json +++ b/2018/11xxx/CVE-2018-11460.json @@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2018-11460", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", - "version" : { - "version_data" : [ - { - "version_value" : "SINUMERIK 808D V4.7 : All versions" - }, - { - "version_value" : "SINUMERIK 808D V4.8 : All versions" - }, - { - "version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" - }, - { - "version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" - }, - { - "version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" - } - ] - } - } - ] - }, - "vendor_name" : "Siemens AG" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-693: Protection Mechanism Failure" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2018-11460", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", + "version": { + "version_data": [ + { + "version_value": "SINUMERIK 808D V4.7 : All versions" + }, + { + "version_value": "SINUMERIK 808D V4.8 : All versions" + }, + { + "version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" + }, + { + "version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" + }, + { + "version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" + } + ] + } + } + ] + }, + "vendor_name": "Siemens AG" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", - "refsource" : "CONFIRM", - "url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" - }, - { - "name" : "106185", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker with elevated user privileges (manufact) could modify a CRAMFS archive so that after reboot the system loads the modified CRAMFS file and attacker-controlled code is executed with root privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires elevated user privileges (manufact) but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-693: Protection Mechanism Failure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106185", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106185" + }, + { + "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", + "refsource": "CONFIRM", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11475.json b/2018/11xxx/CVE-2018-11475.json index 181dda18bd6..847af67a143 100644 --- a/2018/11xxx/CVE-2018-11475.json +++ b/2018/11xxx/CVE-2018-11475.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11475", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11475", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/monstra-cms/monstra/issues/443", - "refsource" : "MISC", - "url" : "https://github.com/monstra-cms/monstra/issues/443" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/monstra-cms/monstra/issues/443", + "refsource": "MISC", + "url": "https://github.com/monstra-cms/monstra/issues/443" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11656.json b/2018/11xxx/CVE-2018-11656.json index 8b3c2a8817b..5ae75fe5928 100644 --- a/2018/11xxx/CVE-2018-11656.json +++ b/2018/11xxx/CVE-2018-11656.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11656", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11656", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/931", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/931" - }, - { - "name" : "USN-3681-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3681-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/931", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/issues/931" + }, + { + "name": "USN-3681-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3681-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14073.json b/2018/14xxx/CVE-2018-14073.json index 3461c9a34c0..ae139b55057 100644 --- a/2018/14xxx/CVE-2018-14073.json +++ b/2018/14xxx/CVE-2018-14073.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926", - "refsource" : "MISC", - "url" : "https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libsixel 1.8.1 has a memory leak in sixel_allocator_new in allocator.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926", + "refsource": "MISC", + "url": "https://github.com/saitoha/libsixel/issues/67#issuecomment-404989926" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14798.json b/2018/14xxx/CVE-2018-14798.json index 964c56a7130..d96d1b16002 100644 --- a/2018/14xxx/CVE-2018-14798.json +++ b/2018/14xxx/CVE-2018-14798.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-27T00:00:00", - "ID" : "CVE-2018-14798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace", - "version" : { - "version_data" : [ - { - "version_value" : "v3.3 v7.3.4.1a" - } - ] - } - } - ] - }, - "vendor_name" : "Fuji Electric" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OUT-OF-BOUNDS READ CWE-125" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-27T00:00:00", + "ID": "CVE-2018-14798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace", + "version": { + "version_data": [ + { + "version_value": "v3.3 v7.3.4.1a" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Electric" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03" - }, - { - "name" : "105408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly parse FNC files that may allow for information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OUT-OF-BOUNDS READ CWE-125" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105408" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14802.json b/2018/14xxx/CVE-2018-14802.json index 988c9af2e18..b262ee06a6f 100644 --- a/2018/14xxx/CVE-2018-14802.json +++ b/2018/14xxx/CVE-2018-14802.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-09-27T00:00:00", - "ID" : "CVE-2018-14802", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace", - "version" : { - "version_data" : [ - { - "version_value" : "v3.3 v7.3.4.1a" - } - ] - } - } - ] - }, - "vendor_name" : "Fuji Electric" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "STACK-BASED BUFFER OVERFLOW CWE-121" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-09-27T00:00:00", + "ID": "CVE-2018-14802", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FRENIC LOADER of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace", + "version": { + "version_data": [ + { + "version_value": "v3.3 v7.3.4.1a" + } + ] + } + } + ] + }, + "vendor_name": "Fuji Electric" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03" - }, - { - "name" : "105408", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which may allow for arbitrary remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "STACK-BASED BUFFER OVERFLOW CWE-121" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105408", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105408" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-03" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14846.json b/2018/14xxx/CVE-2018-14846.json index a4784af75e1..6ed50183ab4 100644 --- a/2018/14xxx/CVE-2018-14846.json +++ b/2018/14xxx/CVE-2018-14846.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14846", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14846", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html", - "refsource" : "MISC", - "url" : "https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html" - }, - { - "name" : "https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/", - "refsource" : "MISC", - "url" : "https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/9186", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/9186" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wpvulndb.com/vulnerabilities/9186", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/9186" + }, + { + "name": "https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html", + "refsource": "MISC", + "url": "https://ansawaf.blogspot.com/2018/10/cve-2018-14846-multiple-stored-xss-in.html" + }, + { + "name": "https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/", + "refsource": "MISC", + "url": "https://cwatch.comodo.com/blog/website-security/vulnerability-found-in-multiple-stored-xss-form-in-wordpress-version-1-2-5/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15038.json b/2018/15xxx/CVE-2018-15038.json index 5488718b924..1e379b992ea 100644 --- a/2018/15xxx/CVE-2018-15038.json +++ b/2018/15xxx/CVE-2018-15038.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15038", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15038", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15159.json b/2018/15xxx/CVE-2018-15159.json index c88569a6b4a..d600db97f93 100644 --- a/2018/15xxx/CVE-2018-15159.json +++ b/2018/15xxx/CVE-2018-15159.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15159", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15159", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libyal/libesedb/issues/43", - "refsource" : "MISC", - "url" : "https://github.com/libyal/libesedb/issues/43" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libyal/libesedb/issues/43", + "refsource": "MISC", + "url": "https://github.com/libyal/libesedb/issues/43" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15170.json b/2018/15xxx/CVE-2018-15170.json index a870364cd68..1d5ab7c0a47 100644 --- a/2018/15xxx/CVE-2018-15170.json +++ b/2018/15xxx/CVE-2018-15170.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15170", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15170", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15260.json b/2018/15xxx/CVE-2018-15260.json index 537c2e7ea9a..7bd59bca408 100644 --- a/2018/15xxx/CVE-2018-15260.json +++ b/2018/15xxx/CVE-2018-15260.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15260", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15260", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15546.json b/2018/15xxx/CVE-2018-15546.json index 376af3372bd..4ac9038327a 100644 --- a/2018/15xxx/CVE-2018-15546.json +++ b/2018/15xxx/CVE-2018-15546.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15546", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15546", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@mrnikhilsri/stored-cross-site-scripting-in-prizmdoc-13-3-and-before-cve-2018-15546-1938191845c5", - "refsource" : "MISC", - "url" : "https://medium.com/@mrnikhilsri/stored-cross-site-scripting-in-prizmdoc-13-3-and-before-cve-2018-15546-1938191845c5" - }, - { - "name" : "http://help.accusoft.com/PrizmDoc/v13.4/ReleaseNotes/index.htm", - "refsource" : "CONFIRM", - "url" : "http://help.accusoft.com/PrizmDoc/v13.4/ReleaseNotes/index.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://help.accusoft.com/PrizmDoc/v13.4/ReleaseNotes/index.htm", + "refsource": "CONFIRM", + "url": "http://help.accusoft.com/PrizmDoc/v13.4/ReleaseNotes/index.htm" + }, + { + "name": "https://medium.com/@mrnikhilsri/stored-cross-site-scripting-in-prizmdoc-13-3-and-before-cve-2018-15546-1938191845c5", + "refsource": "MISC", + "url": "https://medium.com/@mrnikhilsri/stored-cross-site-scripting-in-prizmdoc-13-3-and-before-cve-2018-15546-1938191845c5" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15739.json b/2018/15xxx/CVE-2018-15739.json index 57072f3095e..63113b9987d 100644 --- a/2018/15xxx/CVE-2018-15739.json +++ b/2018/15xxx/CVE-2018-15739.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20725.json b/2018/20xxx/CVE-2018-20725.json index 639f3aa2637..6d473399efd 100644 --- a/2018/20xxx/CVE-2018-20725.json +++ b/2018/20xxx/CVE-2018-20725.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20725", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20725", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Cacti/cacti/blob/develop/CHANGELOG", - "refsource" : "MISC", - "url" : "https://github.com/Cacti/cacti/blob/develop/CHANGELOG" - }, - { - "name" : "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d", - "refsource" : "MISC", - "url" : "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d" - }, - { - "name" : "https://github.com/Cacti/cacti/issues/2214", - "refsource" : "MISC", - "url" : "https://github.com/Cacti/cacti/issues/2214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d", + "refsource": "MISC", + "url": "https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d" + }, + { + "name": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG", + "refsource": "MISC", + "url": "https://github.com/Cacti/cacti/blob/develop/CHANGELOG" + }, + { + "name": "https://github.com/Cacti/cacti/issues/2214", + "refsource": "MISC", + "url": "https://github.com/Cacti/cacti/issues/2214" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20796.json b/2018/20xxx/CVE-2018-20796.json index e75e0d39b30..d1711547025 100644 --- a/2018/20xxx/CVE-2018-20796.json +++ b/2018/20xxx/CVE-2018-20796.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", - "refsource" : "MISC", - "url" : "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141" - }, - { - "name" : "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", - "refsource" : "MISC", - "url" : "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190315-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20190315-0002/" - }, - { - "name" : "107160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/107160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\\227|)(\\\\1\\\\1|t1|\\\\\\2537)+' in grep." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20190315-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190315-0002/" + }, + { + "name": "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html", + "refsource": "MISC", + "url": "https://lists.gnu.org/archive/html/bug-gnulib/2019-01/msg00108.html" + }, + { + "name": "107160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/107160" + }, + { + "name": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141", + "refsource": "MISC", + "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9927.json b/2018/9xxx/CVE-2018-9927.json index dd896884d24..2a97c9fe9e6 100644 --- a/2018/9xxx/CVE-2018-9927.json +++ b/2018/9xxx/CVE-2018-9927.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/128", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/128" - }, - { - "name" : "http://www.iwantacve.cn/index.php/archives/7/", - "refsource" : "MISC", - "url" : "http://www.iwantacve.cn/index.php/archives/7/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a user account via index.php?m=member&f=index&v=add." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.iwantacve.cn/index.php/archives/7/", + "refsource": "MISC", + "url": "http://www.iwantacve.cn/index.php/archives/7/" + }, + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/128", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/128" + } + ] + } +} \ No newline at end of file