From e7cd5271a1056b40234401dc2178aa50a05a7db4 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Mon, 18 Mar 2019 01:00:34 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0137.json | 130 +++++++-------- 2002/0xxx/CVE-2002-0343.json | 140 ++++++++--------- 2002/0xxx/CVE-2002-0796.json | 170 ++++++++++---------- 2002/1xxx/CVE-2002-1141.json | 140 ++++++++--------- 2002/1xxx/CVE-2002-1590.json | 150 +++++++++--------- 2002/1xxx/CVE-2002-1738.json | 140 ++++++++--------- 2002/1xxx/CVE-2002-1899.json | 150 +++++++++--------- 2002/1xxx/CVE-2002-1922.json | 140 ++++++++--------- 2002/2xxx/CVE-2002-2248.json | 140 ++++++++--------- 2002/2xxx/CVE-2002-2257.json | 140 ++++++++--------- 2003/0xxx/CVE-2003-0997.json | 130 +++++++-------- 2005/1xxx/CVE-2005-1156.json | 280 ++++++++++++++++----------------- 2005/1xxx/CVE-2005-1198.json | 120 +++++++------- 2005/1xxx/CVE-2005-1231.json | 140 ++++++++--------- 2005/1xxx/CVE-2005-1385.json | 160 +++++++++---------- 2009/1xxx/CVE-2009-1559.json | 150 +++++++++--------- 2012/0xxx/CVE-2012-0109.json | 150 +++++++++--------- 2012/0xxx/CVE-2012-0573.json | 160 +++++++++---------- 2012/0xxx/CVE-2012-0801.json | 140 ++++++++--------- 2012/0xxx/CVE-2012-0907.json | 140 ++++++++--------- 2012/0xxx/CVE-2012-0971.json | 34 ++-- 2012/3xxx/CVE-2012-3234.json | 130 +++++++-------- 2012/3xxx/CVE-2012-3839.json | 170 ++++++++++---------- 2012/3xxx/CVE-2012-3895.json | 130 +++++++-------- 2012/3xxx/CVE-2012-3984.json | 210 ++++++++++++------------- 2012/4xxx/CVE-2012-4023.json | 140 ++++++++--------- 2012/4xxx/CVE-2012-4254.json | 150 +++++++++--------- 2012/4xxx/CVE-2012-4322.json | 34 ++-- 2012/4xxx/CVE-2012-4402.json | 140 ++++++++--------- 2012/4xxx/CVE-2012-4978.json | 34 ++-- 2012/6xxx/CVE-2012-6407.json | 34 ++-- 2012/6xxx/CVE-2012-6533.json | 130 +++++++-------- 2012/6xxx/CVE-2012-6571.json | 120 +++++++------- 2012/6xxx/CVE-2012-6595.json | 120 +++++++------- 2017/2xxx/CVE-2017-2149.json | 260 +++++++++++++++--------------- 2017/2xxx/CVE-2017-2423.json | 150 +++++++++--------- 2017/2xxx/CVE-2017-2495.json | 150 +++++++++--------- 2017/2xxx/CVE-2017-2805.json | 130 +++++++-------- 2017/2xxx/CVE-2017-2977.json | 140 ++++++++--------- 2017/6xxx/CVE-2017-6545.json | 34 ++-- 2017/6xxx/CVE-2017-6674.json | 130 +++++++-------- 2017/6xxx/CVE-2017-6899.json | 130 +++++++-------- 2017/7xxx/CVE-2017-7176.json | 34 ++-- 2017/7xxx/CVE-2017-7214.json | 150 +++++++++--------- 2018/14xxx/CVE-2018-14391.json | 34 ++-- 2018/14xxx/CVE-2018-14514.json | 120 +++++++------- 2018/14xxx/CVE-2018-14769.json | 130 +++++++-------- 2018/15xxx/CVE-2018-15116.json | 34 ++-- 2018/15xxx/CVE-2018-15457.json | 178 ++++++++++----------- 2018/15xxx/CVE-2018-15509.json | 78 +++++++-- 2018/15xxx/CVE-2018-15630.json | 34 ++-- 2018/20xxx/CVE-2018-20068.json | 132 ++++++++-------- 2018/20xxx/CVE-2018-20476.json | 120 +++++++------- 2018/20xxx/CVE-2018-20515.json | 34 ++-- 2018/20xxx/CVE-2018-20608.json | 120 +++++++------- 2018/9xxx/CVE-2018-9274.json | 150 +++++++++--------- 2018/9xxx/CVE-2018-9313.json | 140 ++++++++--------- 2018/9xxx/CVE-2018-9474.json | 34 ++-- 58 files changed, 3638 insertions(+), 3594 deletions(-) diff --git a/2002/0xxx/CVE-2002-0137.json b/2002/0xxx/CVE-2002-0137.json index 6ff6f9cb136..de1d73e26df 100644 --- a/2002/0xxx/CVE-2002-0137.json +++ b/2002/0xxx/CVE-2002-0137.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020112 cdrdao insecure filehandling", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101102759631000&w=2" - }, - { - "name" : "3865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files via a symlink attack on the $HOME/.cdrdao configuration file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020112 cdrdao insecure filehandling", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101102759631000&w=2" + }, + { + "name": "3865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3865" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0343.json b/2002/0xxx/CVE-2002-0343.json index 2f463222592..9864201558f 100644 --- a/2002/0xxx/CVE-2002-0343.json +++ b/2002/0xxx/CVE-2002-0343.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by extracting the passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020228 Hotline Client Plain password vuln.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101495128121299&w=2" - }, - { - "name" : "hotline-connect-plaintext-password(8327)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8327.php" - }, - { - "name" : "4210", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4210" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hotline Client 1.8.5 stores sensitive user information, including passwords, in plaintext in the bookmarks file, which could allow local users with access to the bookmarks file to gain privileges by extracting the passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4210", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4210" + }, + { + "name": "hotline-connect-plaintext-password(8327)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8327.php" + }, + { + "name": "20020228 Hotline Client Plain password vuln.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101495128121299&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0796.json b/2002/0xxx/CVE-2002-0796.json index 933b8e38eb8..afd391b6691 100644 --- a/2002/0xxx/CVE-2002-0796.json +++ b/2002/0xxx/CVE-2002-0796.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0796", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0796", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102321107714554&w=2" - }, - { - "name" : "00219", - "refsource" : "SUN", - "url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219" - }, - { - "name" : "4932", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4932" - }, - { - "name" : "solaris-snmpdx-format-string(9241)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9241.php" - }, - { - "name" : "oval:org.mitre.oval:def:11", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11" - }, - { - "name" : "oval:org.mitre.oval:def:114", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020604 Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102321107714554&w=2" + }, + { + "name": "solaris-snmpdx-format-string(9241)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9241.php" + }, + { + "name": "oval:org.mitre.oval:def:114", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A114" + }, + { + "name": "00219", + "refsource": "SUN", + "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/219" + }, + { + "name": "oval:org.mitre.oval:def:11", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11" + }, + { + "name": "4932", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4932" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1141.json b/2002/1xxx/CVE-2002-1141.json index 2c747fd319f..0f239765068 100644 --- a/2002/1xxx/CVE-2002-1141.json +++ b/2002/1xxx/CVE-2002-1141.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1141", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka \"Denial of service by sending an invalid RPC request.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1141", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-057", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057" - }, - { - "name" : "sfu-invalid-rpc-dos(10259)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10259.php" - }, - { - "name" : "5880", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5880" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka \"Denial of service by sending an invalid RPC request.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-057", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057" + }, + { + "name": "5880", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5880" + }, + { + "name": "sfu-invalid-rpc-dos(10259)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10259.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1590.json b/2002/1xxx/CVE-2002-1590.json index bf3f1e69009..4d3695a05fd 100644 --- a/2002/1xxx/CVE-2002-1590.json +++ b/2002/1xxx/CVE-2002-1590.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1590", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1590", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "48320", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-48320-1" - }, - { - "name" : "N-010", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-010.shtml" - }, - { - "name" : "6061", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6061" - }, - { - "name" : "solaris-wbem-files-insecure(10495)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10495" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed using Solaris 8 Update 1/01 or later, install files with world or group write permissions, which allows local users to gain root privileges or cause a denial of service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "N-010", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-010.shtml" + }, + { + "name": "6061", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6061" + }, + { + "name": "solaris-wbem-files-insecure(10495)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10495" + }, + { + "name": "48320", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-48320-1" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1738.json b/2002/1xxx/CVE-2002-1738.json index 36dd28e6bf7..92b347f5908 100644 --- a/2002/1xxx/CVE-2002-1738.json +++ b/2002/1xxx/CVE-2002-1738.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020507 Multiple Vulnerabilities in MDaemon + WorldClient", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/271374" - }, - { - "name" : "4685", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4685" - }, - { - "name" : "mdaemon-default-account(9024)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9024" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaemon mail account with a password of MServer, which could allow remote attackers to send anonymous email." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4685", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4685" + }, + { + "name": "mdaemon-default-account(9024)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9024" + }, + { + "name": "20020507 Multiple Vulnerabilities in MDaemon + WorldClient", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/271374" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1899.json b/2002/1xxx/CVE-2002-1899.json index 73b312a4cc8..1b137c4b805 100644 --- a/2002/1xxx/CVE-2002-1899.json +++ b/2002/1xxx/CVE-2002-1899.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the \"Full Name\" (addressname) parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020814 IceWarp Webmail XSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0135.html" - }, - { - "name" : "20021112 IceWarp 3.4.5 XSS *AGAIN*", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0172.html" - }, - { - "name" : "http://www.icewarp.com/Products/IceWarp_Web_Mail/releasenotes.txt", - "refsource" : "CONFIRM", - "url" : "http://www.icewarp.com/Products/IceWarp_Web_Mail/releasenotes.txt" - }, - { - "name" : "icewarp-name-xss(9866)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9866.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the \"Full Name\" (addressname) parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "icewarp-name-xss(9866)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9866.php" + }, + { + "name": "http://www.icewarp.com/Products/IceWarp_Web_Mail/releasenotes.txt", + "refsource": "CONFIRM", + "url": "http://www.icewarp.com/Products/IceWarp_Web_Mail/releasenotes.txt" + }, + { + "name": "20021112 IceWarp 3.4.5 XSS *AGAIN*", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0172.html" + }, + { + "name": "20020814 IceWarp Webmail XSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0135.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1922.json b/2002/1xxx/CVE-2002-1922.json index 52e70bb3cb3..d3fc4329da7 100644 --- a/2002/1xxx/CVE-2002-1922.json +++ b/2002/1xxx/CVE-2002-1922.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1922", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1922", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021018 vBulletin XSS Security Bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html" - }, - { - "name" : "5997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5997" - }, - { - "name" : "vBulletin-usercp-xss(10407)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10407.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021018 vBulletin XSS Security Bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0272.html" + }, + { + "name": "5997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5997" + }, + { + "name": "vBulletin-usercp-xss(10407)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10407.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2248.json b/2002/2xxx/CVE-2002-2248.json index bb96b0f479f..8a0fb77aba1 100644 --- a/2002/2xxx/CVE-2002-2248.json +++ b/2002/2xxx/CVE-2002-2248.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021126 Netscape 4 Java buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103834439321292&w=2" - }, - { - "name" : "6256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6256" - }, - { - "name" : "netscape-applet-canconvert-bo(10706)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10706" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConvert method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netscape-applet-canconvert-bo(10706)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10706" + }, + { + "name": "20021126 Netscape 4 Java buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103834439321292&w=2" + }, + { + "name": "6256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6256" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2257.json b/2002/2xxx/CVE-2002-2257.json index 7b7d78bd5ec..9729f0acfef 100644 --- a/2002/2xxx/CVE-2002-2257.json +++ b/2002/2xxx/CVE-2002-2257.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021128 Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr.", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0346.html" - }, - { - "name" : "6270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6270" - }, - { - "name" : "libcgi-cgilibc-parsefield-bo(10722)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10722" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021128 Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr.", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0346.html" + }, + { + "name": "libcgi-cgilibc-parsefield-bo(10722)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10722" + }, + { + "name": "6270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6270" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0997.json b/2003/0xxx/CVE-2003-0997.json index f76cb5ada94..0090e9e0f60 100644 --- a/2003/0xxx/CVE-2003-0997.json +++ b/2003/0xxx/CVE-2003-0997.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0997", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown \"Denial of Service Attack\" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0997", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ca.com/techbases/rp/urc6x-secnote.html", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/techbases/rp/urc6x-secnote.html" - }, - { - "name" : "10420", - "refsource" : "SECUNIA", - "url" : "http://www.secunia.com/advisories/10420/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown \"Denial of Service Attack\" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.ca.com/techbases/rp/urc6x-secnote.html", + "refsource": "CONFIRM", + "url": "http://support.ca.com/techbases/rp/urc6x-secnote.html" + }, + { + "name": "10420", + "refsource": "SECUNIA", + "url": "http://www.secunia.com/advisories/10420/" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1156.json b/2005/1xxx/CVE-2005-1156.json index 6a38c50fff1..30a0dd819eb 100644 --- a/2005/1xxx/CVE-2005-1156.json +++ b/2005/1xxx/CVE-2005-1156.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mikx.de/firesearching/", - "refsource" : "MISC", - "url" : "http://www.mikx.de/firesearching/" - }, - { - "name" : "http://www.mozilla.org/security/announce/mfsa2005-38.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/mfsa2005-38.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" - }, - { - "name" : "GLSA-200504-18", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" - }, - { - "name" : "RHSA-2005:383", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-383.html" - }, - { - "name" : "RHSA-2005:386", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-386.html" - }, - { - "name" : "RHSA-2005:384", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html" - }, - { - "name" : "SCOSA-2005.49", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" - }, - { - "name" : "13211", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13211" - }, - { - "name" : "15495", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15495" - }, - { - "name" : "oval:org.mitre.oval:def:100020", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020" - }, - { - "name" : "oval:org.mitre.oval:def:11230", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230" - }, - { - "name" : "1013745", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013745" - }, - { - "name" : "14938", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14938" - }, - { - "name" : "14992", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14992" - }, - { - "name" : "14996", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14996" - }, - { - "name" : "mozilla-plugin-xss(20125)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka \"Firesearching 1.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:386", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-386.html" + }, + { + "name": "oval:org.mitre.oval:def:11230", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11230" + }, + { + "name": "14992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14992" + }, + { + "name": "http://www.mozilla.org/security/announce/mfsa2005-38.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/mfsa2005-38.html" + }, + { + "name": "SCOSA-2005.49", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" + }, + { + "name": "15495", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15495" + }, + { + "name": "GLSA-200504-18", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-18.xml" + }, + { + "name": "oval:org.mitre.oval:def:100020", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100020" + }, + { + "name": "http://www.mikx.de/firesearching/", + "refsource": "MISC", + "url": "http://www.mikx.de/firesearching/" + }, + { + "name": "1013745", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013745" + }, + { + "name": "14938", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14938" + }, + { + "name": "mozilla-plugin-xss(20125)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20125" + }, + { + "name": "RHSA-2005:384", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-384.html" + }, + { + "name": "RHSA-2005:383", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-383.html" + }, + { + "name": "13211", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13211" + }, + { + "name": "14996", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14996" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=290037" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1198.json b/2005/1xxx/CVE-2005-1198.json index b3fb5e83f33..d840ded4722 100644 --- a/2005/1xxx/CVE-2005-1198.json +++ b/2005/1xxx/CVE-2005-1198.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of \"..\" sequences in the template parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050419 Directoy Traversal Attack in apexec.pl (.%00./-Bug)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111393495916656&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of \"..\" sequences in the template parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050419 Directoy Traversal Attack in apexec.pl (.%00./-Bug)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111393495916656&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1231.json b/2005/1xxx/CVE-2005-1231.json index 6d3b6456baf..f6609fce010 100644 --- a/2005/1xxx/CVE-2005-1231.json +++ b/2005/1xxx/CVE-2005-1231.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html" - }, - { - "name" : "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html" - }, - { - "name" : "13254", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/unixfocus/5RP0M0AFFS.html" + }, + { + "name": "20050418 XSS bug in JAWS gadget Glossary (0.4-latestbeta (beta 2))", + "refsource": "FULLDISC", + "url": "http://seclists.org/lists/fulldisclosure/2005/Apr/0416.html" + }, + { + "name": "13254", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13254" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1385.json b/2005/1xxx/CVE-2005-1385.json index f4d2876660a..c9264b2d61a 100644 --- a/2005/1xxx/CVE-2005-1385.json +++ b/2005/1xxx/CVE-2005-1385.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1385", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1385", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050428 Safari HTTPS Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111473570624498&w=2" - }, - { - "name" : "20050429 Re: Safari HTTPS Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111479346119272&w=2" - }, - { - "name" : "20050429 Re: Safari HTTPS Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111479299730011&w=2" - }, - { - "name" : "16006", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/16006" - }, - { - "name" : "1013835", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "16006", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/16006" + }, + { + "name": "20050428 Safari HTTPS Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111473570624498&w=2" + }, + { + "name": "20050429 Re: Safari HTTPS Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111479299730011&w=2" + }, + { + "name": "20050429 Re: Safari HTTPS Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111479346119272&w=2" + }, + { + "name": "1013835", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013835" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1559.json b/2009/1xxx/CVE-2009-1559.json index 14cc8924f56..285d71aa7b5 100644 --- a/2009/1xxx/CVE-2009-1559.json +++ b/2009/1xxx/CVE-2009-1559.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/", - "refsource" : "MISC", - "url" : "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/" - }, - { - "name" : "34713", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34713" - }, - { - "name" : "ADV-2009-1173", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1173" - }, - { - "name" : "wvc54gca-admfile-dir-traversal(50231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Absolute path traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R24 and possibly 1.00R22 allows remote attackers to read arbitrary files via an absolute pathname in the this_file parameter. NOTE: traversal via a .. (dot dot) is probably also possible." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "wvc54gca-admfile-dir-traversal(50231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50231" + }, + { + "name": "34713", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34713" + }, + { + "name": "ADV-2009-1173", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1173" + }, + { + "name": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/", + "refsource": "MISC", + "url": "http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0109.json b/2012/0xxx/CVE-2012-0109.json index 4cde27321b6..9044da48add 100644 --- a/2012/0xxx/CVE-2012-0109.json +++ b/2012/0xxx/CVE-2012-0109.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "78424", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78424" - }, - { - "name" : "48308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48308" - }, - { - "name" : "sun-solaris-cve20120109(72504)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72504" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48308" + }, + { + "name": "sun-solaris-cve20120109(72504)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72504" + }, + { + "name": "78424", + "refsource": "OSVDB", + "url": "http://osvdb.org/78424" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0573.json b/2012/0xxx/CVE-2012-0573.json index c1b5e812b95..dee8a45aa27 100644 --- a/2012/0xxx/CVE-2012-0573.json +++ b/2012/0xxx/CVE-2012-0573.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53129", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53129" - }, - { - "name" : "1026953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026953" - }, - { - "name" : "48831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53129", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53129" + }, + { + "name": "1026953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026953" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48831" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0801.json b/2012/0xxx/CVE-2012-0801.json index 28d11732d0c..45eba5a42b1 100644 --- a/2012/0xxx/CVE-2012-0801.json +++ b/2012/0xxx/CVE-2012-0801.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0801", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0801", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=51070abc78b9e1db1db9a44855e8623b22bebd48", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=51070abc78b9e1db1db9a44855e8623b22bebd48" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=194020", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=194020" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=783532", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=783532" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=51070abc78b9e1db1db9a44855e8623b22bebd48", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=51070abc78b9e1db1db9a44855e8623b22bebd48" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=194020", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=194020" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=783532", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783532" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0907.json b/2012/0xxx/CVE-2012-0907.json index fa5e408fb88..f7e9367dc64 100644 --- a/2012/0xxx/CVE-2012-0907.json +++ b/2012/0xxx/CVE-2012-0907.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0907", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0907", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.altervista.org/adv/neoaxis_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.altervista.org/adv/neoaxis_1-adv.txt" - }, - { - "name" : "78311", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78311" - }, - { - "name" : "neoaxis-neoaxis-directory-traversal(72427)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. (dot dot) in a filename in the neoaxis_web_application_win32.zip ZIP archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://aluigi.altervista.org/adv/neoaxis_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.altervista.org/adv/neoaxis_1-adv.txt" + }, + { + "name": "78311", + "refsource": "OSVDB", + "url": "http://osvdb.org/78311" + }, + { + "name": "neoaxis-neoaxis-directory-traversal(72427)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72427" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0971.json b/2012/0xxx/CVE-2012-0971.json index dffe0339b06..06edbd1fb99 100644 --- a/2012/0xxx/CVE-2012-0971.json +++ b/2012/0xxx/CVE-2012-0971.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0971", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-0971", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3234.json b/2012/3xxx/CVE-2012-3234.json index f5501e48b47..f5ea70781ec 100644 --- a/2012/3xxx/CVE-2012-3234.json +++ b/2012/3xxx/CVE-2012-3234.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3234", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3234", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/09072012_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/09072012_player/en/" - }, - { - "name" : "realplayer-frame-size-dos(78388)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer before 12.0.1.1750 do not properly handle codec frame sizes in RealAudio files, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash) or possibly have unspecified other impact via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/realplayer/security/09072012_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/09072012_player/en/" + }, + { + "name": "realplayer-frame-size-dos(78388)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78388" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3839.json b/2012/3xxx/CVE-2012-3839.json index 2322faba941..337e741bd14 100644 --- a/2012/3xxx/CVE-2012-3839.json +++ b/2012/3xxx/CVE-2012-3839.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3839", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3839", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18814", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18814" - }, - { - "name" : "http://myclientbase.com/", - "refsource" : "CONFIRM", - "url" : "http://myclientbase.com/" - }, - { - "name" : "https://bitbucket.org/jesseterry/myclientbase/changeset/789099396f05", - "refsource" : "CONFIRM", - "url" : "https://bitbucket.org/jesseterry/myclientbase/changeset/789099396f05" - }, - { - "name" : "53311", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53311" - }, - { - "name" : "48961", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48961" - }, - { - "name" : "myclientbase-index-sql-injection(75298)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75298" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48961", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48961" + }, + { + "name": "https://bitbucket.org/jesseterry/myclientbase/changeset/789099396f05", + "refsource": "CONFIRM", + "url": "https://bitbucket.org/jesseterry/myclientbase/changeset/789099396f05" + }, + { + "name": "18814", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18814" + }, + { + "name": "53311", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53311" + }, + { + "name": "http://myclientbase.com/", + "refsource": "CONFIRM", + "url": "http://myclientbase.com/" + }, + { + "name": "myclientbase-index-sql-injection(75298)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75298" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3895.json b/2012/3xxx/CVE-2012-3895.json index 498369853c4..9e495b07d3e 100644 --- a/2012/3xxx/CVE-2012-3895.json +++ b/2012/3xxx/CVE-2012-3895.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3895", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3895", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html" - }, - { - "name" : "ciscoios-mvpnv6-dos(78872)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78872" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause a denial of service (device crash) via an MVPNv6 update, aka Bug ID CSCty89224." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/15_2s/release/notes/15_2s_caveats_15_2_2s.html" + }, + { + "name": "ciscoios-mvpnv6-dos(78872)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78872" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3984.json b/2012/3xxx/CVE-2012-3984.json index 12b3d085243..15870a763db 100644 --- a/2012/3xxx/CVE-2012-3984.json +++ b/2012/3xxx/CVE-2012-3984.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3984", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3984", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-75.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-75.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=575294", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=575294" - }, - { - "name" : "SUSE-SU-2012:1351", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" - }, - { - "name" : "USN-1611-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1611-1" - }, - { - "name" : "oval:org.mitre.oval:def:16184", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16184" - }, - { - "name" : "50856", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50856" - }, - { - "name" : "50892", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50892" - }, - { - "name" : "50904", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50904" - }, - { - "name" : "50935", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50935" - }, - { - "name" : "50984", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50984" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly handle navigation away from a web page that has a SELECT element's menu active, which allows remote attackers to spoof page content via vectors involving absolute positioning and scrolling." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50904", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50904" + }, + { + "name": "50984", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50984" + }, + { + "name": "50935", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50935" + }, + { + "name": "50856", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50856" + }, + { + "name": "50892", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50892" + }, + { + "name": "oval:org.mitre.oval:def:16184", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16184" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-75.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-75.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=575294", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=575294" + }, + { + "name": "SUSE-SU-2012:1351", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" + }, + { + "name": "USN-1611-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1611-1" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4023.json b/2012/4xxx/CVE-2012-4023.json index 183b8d0d05e..5d259d42982 100644 --- a/2012/4xxx/CVE-2012-4023.json +++ b/2012/4xxx/CVE-2012-4023.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4023", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-4023", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#39563771", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN39563771/index.html" - }, - { - "name" : "JVNDB-2012-000099", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000099" - }, - { - "name" : "51102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51102" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CRLF injection vulnerability in Pebble before 2.6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#39563771", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN39563771/index.html" + }, + { + "name": "51102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51102" + }, + { + "name": "JVNDB-2012-000099", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000099" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4254.json b/2012/4xxx/CVE-2012-4254.json index 3c4898123c5..127deadbf4a 100644 --- a/2012/4xxx/CVE-2012-4254.json +++ b/2012/4xxx/CVE-2012-4254.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4254", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4254", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html" - }, - { - "name" : "53306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53306" - }, - { - "name" : "81616", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/81616" - }, - { - "name" : "mysqldumper-restore-info-disclosure(75287)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html" + }, + { + "name": "53306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53306" + }, + { + "name": "mysqldumper-restore-info-disclosure(75287)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75287" + }, + { + "name": "81616", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/81616" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4322.json b/2012/4xxx/CVE-2012-4322.json index a4140a4d78e..0d1f8f6ef89 100644 --- a/2012/4xxx/CVE-2012-4322.json +++ b/2012/4xxx/CVE-2012-4322.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4322", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4322", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4402.json b/2012/4xxx/CVE-2012-4402.json index eaf0e0d58fc..9713ca703ee 100644 --- a/2012/4xxx/CVE-2012-4402.json +++ b/2012/4xxx/CVE-2012-4402.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120917 Moodle security notifications public", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/09/17/1" - }, - { - "name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368", - "refsource" : "CONFIRM", - "url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368" - }, - { - "name" : "http://moodle.org/mod/forum/discuss.php?d=211559", - "refsource" : "CONFIRM", - "url" : "http://moodle.org/mod/forum/discuss.php?d=211559" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120917 Moodle security notifications public", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/09/17/1" + }, + { + "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368", + "refsource": "CONFIRM", + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34368" + }, + { + "name": "http://moodle.org/mod/forum/discuss.php?d=211559", + "refsource": "CONFIRM", + "url": "http://moodle.org/mod/forum/discuss.php?d=211559" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4978.json b/2012/4xxx/CVE-2012-4978.json index 3ed060d40b7..702f5a37249 100644 --- a/2012/4xxx/CVE-2012-4978.json +++ b/2012/4xxx/CVE-2012-4978.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4978", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4978", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6407.json b/2012/6xxx/CVE-2012-6407.json index bf60eb4edf1..283f516c877 100644 --- a/2012/6xxx/CVE-2012-6407.json +++ b/2012/6xxx/CVE-2012-6407.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6407", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-6407", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6533.json b/2012/6xxx/CVE-2012-6533.json index 70343c18ed6..77e10060bf1 100644 --- a/2012/6xxx/CVE-2012-6533.json +++ b/2012/6xxx/CVE-2012-6533.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6533", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@symantec.com", + "ID": "CVE-2012-6533", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00" - }, - { - "name" : "57835", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/57835" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and Encryption Desktop 10.3.0 before MP1 on Windows XP and Server 2003 allows local users to gain privileges via a crafted application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "57835", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/57835" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2013&suid=20130213_00" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6571.json b/2012/6xxx/CVE-2012-6571.json index 8c7939b56e7..39298b36352 100644 --- a/2012/6xxx/CVE-2012-6571.json +++ b/2012/6xxx/CVE-2012-6571.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP module in the (1) Branch Intelligent Management System (BIMS) and (2) web management components on Huawei AR routers and S2000, S3000, S3500, S3900, S5100, S5600, and S7800 switches uses predictable Session ID values, which makes it easier for remote attackers to hijack sessions via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-u_194371.htm" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6595.json b/2012/6xxx/CVE-2012-6595.json index 58d52a9cb98..78bcc12acf1 100644 --- a/2012/6xxx/CVE-2012-6595.json +++ b/2012/6xxx/CVE-2012-6595.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6595", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6595", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/6", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated administrators to execute arbitrary commands via unspecified vectors, aka Ref ID 34595." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/6", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/6" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2149.json b/2017/2xxx/CVE-2017-2149.json index f1528b92104..e42fdb7ceb9 100644 --- a/2017/2xxx/CVE-2017-2149.json +++ b/2017/2xxx/CVE-2017-2149.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2149", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool", - "version" : { - "version_data" : [ - { - "version_value" : "V1.00.03 and earlier" - } - ] - } - }, - { - "product_name" : "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software", - "version" : { - "version_data" : [ - { - "version_value" : "V3.0.2 and earlier" - } - ] - } - }, - { - "product_name" : "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series)", - "version" : { - "version_data" : [ - { - "version_value" : "V3.00.01" - } - ] - } - }, - { - "product_name" : "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series)", - "version" : { - "version_data" : [ - { - "version_value" : "V2.00.03 and earlier" - } - ] - } - }, - { - "product_name" : "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)", - "version" : { - "version_data" : [ - { - "version_value" : "V1.00.04 and earlier" - } - ] - } - }, - { - "product_name" : "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software", - "version" : { - "version_data" : [ - { - "version_value" : "V1.02 and earlier" - } - ] - } - }, - { - "product_name" : "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool", - "version" : { - "version_data" : [ - { - "version_value" : "V1.00.06 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Toshiba Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2149", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool", + "version": { + "version_data": [ + { + "version_value": "V1.00.03 and earlier" + } + ] + } + }, + { + "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Configuration Software", + "version": { + "version_data": [ + { + "version_value": "V3.0.2 and earlier" + } + ] + } + }, + { + "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WE series)", + "version": { + "version_data": [ + { + "version_value": "V3.00.01" + } + ] + } + }, + { + "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WD/WC series)", + "version": { + "version_data": [ + { + "version_value": "V2.00.03 and earlier" + } + ] + } + }, + { + "product_name": "Installer for SDHC Memory Card with embedded wireless LAN functionality FlashAirTM Software Update tool (SD-WB/WL series)", + "version": { + "version_data": [ + { + "version_value": "V1.00.04 and earlier" + } + ] + } + }, + { + "product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Configuration Software", + "version": { + "version_data": [ + { + "version_value": "V1.02 and earlier" + } + ] + } + }, + { + "product_name": "Installer for SDHC Memory Card with embedded TransferJetTM functionality Software Update tool", + "version": { + "version_data": [ + { + "version_value": "V1.00.06 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Toshiba Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.toshiba-personalstorage.net/news/20170414.htm", - "refsource" : "MISC", - "url" : "http://www.toshiba-personalstorage.net/news/20170414.htm" - }, - { - "name" : "JVN#05340816", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN05340816/index.html" - }, - { - "name" : "97697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97697" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Software V3.0.2 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WE series) V3.00.01, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WD/WC series) V2.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Software Update tool (SD-WB/WL series) V1.00.04 and earlier, SDHC Memory Card with embedded TransferJet functionality Configuration Software V1.02 and earlier, SDHC Memory Card with embedded TransferJet functionality Software Update tool V1.00.06 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#05340816", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN05340816/index.html" + }, + { + "name": "http://www.toshiba-personalstorage.net/news/20170414.htm", + "refsource": "MISC", + "url": "http://www.toshiba-personalstorage.net/news/20170414.htm" + }, + { + "name": "97697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97697" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2423.json b/2017/2xxx/CVE-2017-2423.json index f49651c5056..af31d0bc6d5 100644 --- a/2017/2xxx/CVE-2017-2423.json +++ b/2017/2xxx/CVE-2017-2423.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2423", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the \"Security\" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2423", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97147", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97147" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. The issue involves the \"Security\" component. It allows remote attackers to bypass intended access restrictions by leveraging a successful result from a SecKeyRawVerify API call with an empty signature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97147", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97147" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2495.json b/2017/2xxx/CVE-2017-2495.json index c6b1f3b72e5..14f079c6d10 100644 --- a/2017/2xxx/CVE-2017-2495.json +++ b/2017/2xxx/CVE-2017-2495.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2495", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2495", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "98474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98474" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to cause a denial of service (application crash) via a crafted web site that improperly interacts with the history menu." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "98474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98474" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2805.json b/2017/2xxx/CVE-2017-2805.json index 50534fa10de..635dc906ce3 100644 --- a/2017/2xxx/CVE-2017-2805.json +++ b/2017/2xxx/CVE-2017-2805.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "ID" : "CVE-2017-2805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "ID": "CVE-2017-2805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0299", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0299" - }, - { - "name" : "99190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable stack-based buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera. A specially crafted http request can cause a stack-based buffer overflow resulting in overwriting arbitrary data on the stack frame. An attacker can simply send an http request to the device to trigger this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0299", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0299" + }, + { + "name": "99190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99190" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2977.json b/2017/2xxx/CVE-2017-2977.json index 3a710ea1bd9..e5d8a7427a3 100644 --- a/2017/2xxx/CVE-2017-2977.json +++ b/2017/2xxx/CVE-2017-2977.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Digital Editions 4.5.3 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Digital Editions 4.5.3 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Digital Editions 4.5.3 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Digital Editions 4.5.3 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html" - }, - { - "name" : "96195", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96195" - }, - { - "name" : "1037816", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037816" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037816", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037816" + }, + { + "name": "96195", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96195" + }, + { + "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6545.json b/2017/6xxx/CVE-2017-6545.json index 570da558143..6fdc9f14001 100644 --- a/2017/6xxx/CVE-2017-6545.json +++ b/2017/6xxx/CVE-2017-6545.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6545", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6545", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6674.json b/2017/6xxx/CVE-2017-6674.json index f8308007121..5aef9cae240 100644 --- a/2017/6xxx/CVE-2017-6674.json +++ b/2017/6xxx/CVE-2017-6674.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Firepower System Software", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Firepower System Software" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "URL Filtering Bypass Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Firepower System Software", + "version": { + "version_data": [ + { + "version_value": "Cisco Firepower System Software" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc" - }, - { - "name" : "98654", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98654" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the feature-license management functionality of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass URL filters that have been configured for an affected device. More Information: CSCvb16413. Known Affected Releases: 6.0.1 6.1.0 6.2.0 6.2.1. Known Fixed Releases: 6.2.1 6.2.0.1 6.1.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "URL Filtering Bypass Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98654", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98654" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170524-fmc" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6899.json b/2017/6xxx/CVE-2017-6899.json index c73c7d46e58..1f9cddb4225 100644 --- a/2017/6xxx/CVE-2017-6899.json +++ b/2017/6xxx/CVE-2017-6899.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6899", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6899", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.secret-team.cn/index.php/archives/5/", - "refsource" : "MISC", - "url" : "http://blog.secret-team.cn/index.php/archives/5/" - }, - { - "name" : "99107", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99107" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The msm_bus_dbg_update_request_write function in drivers/platform/msm/msm_bus/msm_bus_dbg.c in android_kernel_huawei_msm8916 through 2017-06-16 in LineageOS, and possibly other kernels for MSM devices, allows attackers to cause a denial of service (NULL pointer dereference and device crash) via a crafted /sys/kernel/debug/msm-bus-dbg/client-data/update-request write request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.secret-team.cn/index.php/archives/5/", + "refsource": "MISC", + "url": "http://blog.secret-team.cn/index.php/archives/5/" + }, + { + "name": "99107", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99107" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7176.json b/2017/7xxx/CVE-2017-7176.json index 8ee82894893..22ccc6b6da6 100644 --- a/2017/7xxx/CVE-2017-7176.json +++ b/2017/7xxx/CVE-2017-7176.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7176", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7176", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7214.json b/2017/7xxx/CVE-2017-7214.json index 9f1630fe4d5..0bb54fdfb6c 100644 --- a/2017/7xxx/CVE-2017-7214.json +++ b/2017/7xxx/CVE-2017-7214.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://launchpad.net/bugs/1673569", - "refsource" : "CONFIRM", - "url" : "https://launchpad.net/bugs/1673569" - }, - { - "name" : "RHSA-2017:1508", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1508" - }, - { - "name" : "RHSA-2017:1595", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1595" - }, - { - "name" : "96998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96998" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1595", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1595" + }, + { + "name": "96998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96998" + }, + { + "name": "https://launchpad.net/bugs/1673569", + "refsource": "CONFIRM", + "url": "https://launchpad.net/bugs/1673569" + }, + { + "name": "RHSA-2017:1508", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1508" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14391.json b/2018/14xxx/CVE-2018-14391.json index 47f6c7cbafd..f9d20955a1c 100644 --- a/2018/14xxx/CVE-2018-14391.json +++ b/2018/14xxx/CVE-2018-14391.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14391", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14391", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14514.json b/2018/14xxx/CVE-2018-14514.json index aeadcdb254d..4ec4286d423 100644 --- a/2018/14xxx/CVE-2018-14514.json +++ b/2018/14xxx/CVE-2018-14514.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14514", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14514", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/idreamsoft/iCMS/issues/29", - "refsource" : "MISC", - "url" : "https://github.com/idreamsoft/iCMS/issues/29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/idreamsoft/iCMS/issues/29", + "refsource": "MISC", + "url": "https://github.com/idreamsoft/iCMS/issues/29" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14769.json b/2018/14xxx/CVE-2018-14769.json index 7b11183dd3e..96575e8faf2 100644 --- a/2018/14xxx/CVE-2018-14769.json +++ b/2018/14xxx/CVE-2018-14769.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.vivotek.com/website/support/cybersecurity", - "refsource" : "MISC", - "url" : "https://www.vivotek.com/website/support/cybersecurity" - }, - { - "name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf", - "refsource" : "CONFIRM", - "url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf", + "refsource": "CONFIRM", + "url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-004-v1.pdf" + }, + { + "name": "https://www.vivotek.com/website/support/cybersecurity", + "refsource": "MISC", + "url": "https://www.vivotek.com/website/support/cybersecurity" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15116.json b/2018/15xxx/CVE-2018-15116.json index 67fc31f3ead..037d5b83023 100644 --- a/2018/15xxx/CVE-2018-15116.json +++ b/2018/15xxx/CVE-2018-15116.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15116", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15116", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15457.json b/2018/15xxx/CVE-2018-15457.json index deb516f84e1..9beaae03753 100644 --- a/2018/15xxx/CVE-2018-15457.json +++ b/2018/15xxx/CVE-2018-15457.json @@ -1,91 +1,91 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2019-01-09T16:00:00-0800", - "ID" : "CVE-2018-15457", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Prime Infrastructure Cross-Site Scripting Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Infrastructure ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." - } - ] - }, - "exploit" : [ - { - "lang" : "eng", - "value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " - } - ], - "impact" : { - "cvss" : { - "baseScore" : "6.1", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2019-01-09T16:00:00-0800", + "ID": "CVE-2018-15457", + "STATE": "PUBLIC", + "TITLE": "Cisco Prime Infrastructure Cross-Site Scripting Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Infrastructure ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20190109 Cisco Prime Infrastructure Cross-Site Scripting Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cpi-xss" - }, - { - "name" : "106509", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106509" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20190109-cpi-xss", - "defect" : [ - [ - "CSCvm74707" - ] - ], - "discovery" : "INTERNAL" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ] + }, + "exploit": [ + { + "lang": "eng", + "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " + } + ], + "impact": { + "cvss": { + "baseScore": "6.1", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20190109 Cisco Prime Infrastructure Cross-Site Scripting Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-cpi-xss" + }, + { + "name": "106509", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106509" + } + ] + }, + "source": { + "advisory": "cisco-sa-20190109-cpi-xss", + "defect": [ + [ + "CSCvm74707" + ] + ], + "discovery": "INTERNAL" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15509.json b/2018/15xxx/CVE-2018-15509.json index f8418b13721..277105d4a73 100644 --- a/2018/15xxx/CVE-2018-15509.json +++ b/2018/15xxx/CVE-2018-15509.json @@ -1,18 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15509", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15509", + "STATE": "PUBLIC" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://0tkombo.wixsite.com/0tkombo/blog/five9-dos-websocket-access", + "url": "https://0tkombo.wixsite.com/0tkombo/blog/five9-dos-websocket-access" + } + ] + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } + ] + } + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15630.json b/2018/15xxx/CVE-2018-15630.json index 0fcdf36548c..872f47a3c4c 100644 --- a/2018/15xxx/CVE-2018-15630.json +++ b/2018/15xxx/CVE-2018-15630.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15630", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15630", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20068.json b/2018/20xxx/CVE-2018-20068.json index 2711c82ad65..26fbf14e3ee 100644 --- a/2018/20xxx/CVE-2018-20068.json +++ b/2018/20xxx/CVE-2018-20068.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-20068", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-20068", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/882270", - "refsource" : "MISC", - "url" : "https://crbug.com/882270" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incorrect handling of 304 status codes in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/882270", + "refsource": "MISC", + "url": "https://crbug.com/882270" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20476.json b/2018/20xxx/CVE-2018-20476.json index 210ad2632e7..e2645498660 100644 --- a/2018/20xxx/CVE-2018-20476.json +++ b/2018/20xxx/CVE-2018-20476.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20476", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20476", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://shell01.top/2018/12/14/scms-xss/#more", - "refsource" : "MISC", - "url" : "https://shell01.top/2018/12/14/scms-xss/#more" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://shell01.top/2018/12/14/scms-xss/#more", + "refsource": "MISC", + "url": "https://shell01.top/2018/12/14/scms-xss/#more" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20515.json b/2018/20xxx/CVE-2018-20515.json index 7002df3da48..51079b70681 100644 --- a/2018/20xxx/CVE-2018-20515.json +++ b/2018/20xxx/CVE-2018-20515.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20515", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20515", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20608.json b/2018/20xxx/CVE-2018-20608.json index 2737536fa1f..23305e06c85 100644 --- a/2018/20xxx/CVE-2018-20608.json +++ b/2018/20xxx/CVE-2018-20608.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20608", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20608", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#information-disclosure" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9274.json b/2018/9xxx/CVE-2018-9274.json index e30db8e4ffb..4aa9d56e311 100644 --- a/2018/9xxx/CVE-2018-9274.json +++ b/2018/9xxx/CVE-2018-9274.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9274", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9274", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14489", - "refsource" : "MISC", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14489" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=211845aba4794720ae265c782cdffddae54a3e7a", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=211845aba4794720ae265c782cdffddae54a3e7a" - }, - { - "name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07", - "refsource" : "MISC", - "url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07" - }, - { - "name" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html", - "refsource" : "MISC", - "url" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c has a memory leak." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=211845aba4794720ae265c782cdffddae54a3e7a", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=211845aba4794720ae265c782cdffddae54a3e7a" + }, + { + "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07", + "refsource": "MISC", + "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14489", + "refsource": "MISC", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14489" + }, + { + "name": "https://www.wireshark.org/security/wnpa-sec-2018-24.html", + "refsource": "MISC", + "url": "https://www.wireshark.org/security/wnpa-sec-2018-24.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9313.json b/2018/9xxx/CVE-2018-9313.json index 17d3bf9234f..11ded92befe 100644 --- a/2018/9xxx/CVE-2018-9313.json +++ b/2018/9xxx/CVE-2018-9313.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf", - "refsource" : "MISC", - "url" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf" - }, - { - "name" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/", - "refsource" : "MISC", - "url" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/" - }, - { - "name" : "104258", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104258" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a remote attack via Bluetooth when in pairing mode, leading to a Head Unit reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf", + "refsource": "MISC", + "url": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf" + }, + { + "name": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/", + "refsource": "MISC", + "url": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/" + }, + { + "name": "104258", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104258" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9474.json b/2018/9xxx/CVE-2018-9474.json index 4fea7c83b8b..59eb855a536 100644 --- a/2018/9xxx/CVE-2018-9474.json +++ b/2018/9xxx/CVE-2018-9474.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9474", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9474", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file