diff --git a/2002/0xxx/CVE-2002-0245.json b/2002/0xxx/CVE-2002-0245.json
index c7eac6d76b4..460eae1734c 100644
--- a/2002/0xxx/CVE-2002-0245.json
+++ b/2002/0xxx/CVE-2002-0245.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0245",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0245",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101310812804716&w=2"
- },
- {
- "name" : "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F",
- "refsource" : "CONFIRM",
- "url" : "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F"
- },
- {
- "name" : "4049",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4049"
- },
- {
- "name" : "lotus-domino-reveal-information(8160)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8160.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "4049",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4049"
+ },
+ {
+ "name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101310812804716&w=2"
+ },
+ {
+ "name": "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F",
+ "refsource": "CONFIRM",
+ "url": "http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=07B32060E4CC97E985256B64005AEB0F"
+ },
+ {
+ "name": "lotus-domino-reveal-information(8160)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8160.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0456.json b/2002/0xxx/CVE-2002-0456.json
index 28fafc30494..cdb587f3b09 100644
--- a/2002/0xxx/CVE-2002-0456.json
+++ b/2002/0xxx/CVE-2002-0456.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0456",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0456",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020315 RE: MSIE vulnerability exploitable with IncrediMail",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=101622857703677&w=2"
- },
- {
- "name" : "20020316 MSIE vulnerability exploitable with Eudora (was: IncrediMail)",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/262704"
- },
- {
- "name" : "4306",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4306"
- },
- {
- "name" : "eudora-insecure-attachment-directory(8487)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/8487.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020316 MSIE vulnerability exploitable with Eudora (was: IncrediMail)",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/262704"
+ },
+ {
+ "name": "eudora-insecure-attachment-directory(8487)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/8487.php"
+ },
+ {
+ "name": "20020315 RE: MSIE vulnerability exploitable with IncrediMail",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=101622857703677&w=2"
+ },
+ {
+ "name": "4306",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4306"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0686.json b/2002/0xxx/CVE-2002-0686.json
index 09e43ee69e4..e0c65124113 100644
--- a/2002/0xxx/CVE-2002-0686.json
+++ b/2002/0xxx/CVE-2002-0686.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0686",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0686",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020709 Sun iPlanet Web Server Buffer Overflow (#NISR09072002)",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=102622220416889&w=2"
- },
- {
- "name" : "http://www.nextgenss.com/vna/sun-iws.txt",
- "refsource" : "MISC",
- "url" : "http://www.nextgenss.com/vna/sun-iws.txt"
- },
- {
- "name" : "VU#612843",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/612843"
- },
- {
- "name" : "4851",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4851"
- },
- {
- "name" : "iplanet-search-bo(9506)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9506.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in the search component for iPlanet Web Server (iWS) 4.1 and Sun ONE Web Server 6.0 allows remote attackers to execute arbitrary code via a long argument to the NS-rel-doc-name parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020709 Sun iPlanet Web Server Buffer Overflow (#NISR09072002)",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=102622220416889&w=2"
+ },
+ {
+ "name": "http://www.nextgenss.com/vna/sun-iws.txt",
+ "refsource": "MISC",
+ "url": "http://www.nextgenss.com/vna/sun-iws.txt"
+ },
+ {
+ "name": "4851",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4851"
+ },
+ {
+ "name": "iplanet-search-bo(9506)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9506.php"
+ },
+ {
+ "name": "VU#612843",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/612843"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0788.json b/2002/0xxx/CVE-2002-0788.json
index ed08d9e2e4c..159c646bee6 100644
--- a/2002/0xxx/CVE-2002-0788.json
+++ b/2002/0xxx/CVE-2002-0788.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0788",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An interaction between PGP 7.0.3 with the \"wipe deleted files\" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0788",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020508 NTFS and PGP interact to expose EFS encrypted data",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html"
- },
- {
- "name" : "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt",
- "refsource" : "CONFIRM",
- "url" : "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt"
- },
- {
- "name" : "pgp-ntfs-reveal-data(9044)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9044.php"
- },
- {
- "name" : "4702",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/4702"
- },
- {
- "name" : "4363",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/4363"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An interaction between PGP 7.0.3 with the \"wipe deleted files\" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt",
+ "refsource": "CONFIRM",
+ "url": "http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt"
+ },
+ {
+ "name": "4702",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/4702"
+ },
+ {
+ "name": "4363",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/4363"
+ },
+ {
+ "name": "20020508 NTFS and PGP interact to expose EFS encrypted data",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html"
+ },
+ {
+ "name": "pgp-ntfs-reveal-data(9044)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9044.php"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/0xxx/CVE-2002-0996.json b/2002/0xxx/CVE-2002-0996.json
index 150b03b618c..382d1f5bbbb 100644
--- a/2002/0xxx/CVE-2002-0996.json
+++ b/2002/0xxx/CVE-2002-0996.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-0996",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-0996",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020715 pwc.20020630.nims_modweb.b",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0153.html"
- },
- {
- "name" : "http://support.novell.com/servlet/tidfinder/2963051",
- "refsource" : "CONFIRM",
- "url" : "http://support.novell.com/servlet/tidfinder/2963051"
- },
- {
- "name" : "5231",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5231"
- },
- {
- "name" : "netmail-web-interface-bo(9560)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9560.php"
- },
- {
- "name" : "5230",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5230"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020715 pwc.20020630.nims_modweb.b",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0153.html"
+ },
+ {
+ "name": "netmail-web-interface-bo(9560)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9560.php"
+ },
+ {
+ "name": "http://support.novell.com/servlet/tidfinder/2963051",
+ "refsource": "CONFIRM",
+ "url": "http://support.novell.com/servlet/tidfinder/2963051"
+ },
+ {
+ "name": "5230",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5230"
+ },
+ {
+ "name": "5231",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5231"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1054.json b/2002/1xxx/CVE-2002-1054.json
index d62fba41111..4b296f1cd65 100644
--- a/2002/1xxx/CVE-2002-1054.json
+++ b/2002/1xxx/CVE-2002-1054.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1054",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via \"..\\\" (dot-dot backslash) sequences in a LIST command."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1054",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability",
- "refsource" : "BUGTRAQ",
- "url" : "http://online.securityfocus.com/archive/1/283665"
- },
- {
- "name" : "20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability",
- "refsource" : "VULNWATCH",
- "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html"
- },
- {
- "name" : "http://www.pablovandermeer.nl/ftpserversrc.zip",
- "refsource" : "CONFIRM",
- "url" : "http://www.pablovandermeer.nl/ftpserversrc.zip"
- },
- {
- "name" : "5283",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5283"
- },
- {
- "name" : "pablo-ftp-directory-traversal(9647)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/9647.php"
- },
- {
- "name" : "4995",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/4995"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via \"..\\\" (dot-dot backslash) sequences in a LIST command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "5283",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5283"
+ },
+ {
+ "name": "20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability",
+ "refsource": "VULNWATCH",
+ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html"
+ },
+ {
+ "name": "4995",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/4995"
+ },
+ {
+ "name": "http://www.pablovandermeer.nl/ftpserversrc.zip",
+ "refsource": "CONFIRM",
+ "url": "http://www.pablovandermeer.nl/ftpserversrc.zip"
+ },
+ {
+ "name": "pablo-ftp-directory-traversal(9647)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/9647.php"
+ },
+ {
+ "name": "20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability",
+ "refsource": "BUGTRAQ",
+ "url": "http://online.securityfocus.com/archive/1/283665"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1196.json b/2002/1xxx/CVE-2002-1196.json
index 79fad726d3e..1e33d69dcd2 100644
--- a/2002/1xxx/CVE-2002-1196.json
+++ b/2002/1xxx/CVE-2002-1196.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1196",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the \"usebuggroups\" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1196",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20021001 [BUGZILLA] Security Advisory",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=103349804226566&w=2"
- },
- {
- "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12",
- "refsource" : "CONFIRM",
- "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12"
- },
- {
- "name" : "DSA-173",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2002/dsa-173"
- },
- {
- "name" : "5843",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/5843"
- },
- {
- "name" : "bugzilla-usebuggroups-permissions-leak(10233)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10233.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the \"usebuggroups\" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "5843",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/5843"
+ },
+ {
+ "name": "DSA-173",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2002/dsa-173"
+ },
+ {
+ "name": "bugzilla-usebuggroups-permissions-leak(10233)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10233.php"
+ },
+ {
+ "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12",
+ "refsource": "CONFIRM",
+ "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12"
+ },
+ {
+ "name": "20021001 [BUGZILLA] Security Advisory",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=103349804226566&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1276.json b/2002/1xxx/CVE-2002-1276.json
index d978577670f..65961ae0a88 100644
--- a/2002/1xxx/CVE-2002-1276.json
+++ b/2002/1xxx/CVE-2002-1276.json
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1276",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1276",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471",
- "refsource" : "CONFIRM",
- "url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471"
- },
- {
- "name" : "DSA-191",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2002/dsa-191"
- },
- {
- "name" : "RHSA-2003:042",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2003-042.html"
- },
- {
- "name" : "7019",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/7019"
- },
- {
- "name" : "8220",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/8220"
- },
- {
- "name" : "squirrelmail-striptags-phpself-xss(10634)",
- "refsource" : "XF",
- "url" : "http://www.iss.net/security_center/static/10634.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-191",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2002/dsa-191"
+ },
+ {
+ "name": "7019",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/7019"
+ },
+ {
+ "name": "squirrelmail-striptags-phpself-xss(10634)",
+ "refsource": "XF",
+ "url": "http://www.iss.net/security_center/static/10634.php"
+ },
+ {
+ "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471",
+ "refsource": "CONFIRM",
+ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471"
+ },
+ {
+ "name": "8220",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/8220"
+ },
+ {
+ "name": "RHSA-2003:042",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2003-042.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1300.json b/2002/1xxx/CVE-2002-1300.json
index ecdbf57eb79..afbffc0e6b8 100644
--- a/2002/1xxx/CVE-2002-1300.json
+++ b/2002/1xxx/CVE-2002-1300.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1300",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2002-1300",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/1xxx/CVE-2002-1579.json b/2002/1xxx/CVE-2002-1579.json
index bb321cd1e3e..5631d600659 100644
--- a/2002/1xxx/CVE-2002-1579.json
+++ b/2002/1xxx/CVE-2002-1579.json
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2002-1579",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an \"unknown connection data\" error."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2002-1579",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20020128 Sapgui 4.6D for Windows",
- "refsource" : "BUGTRAQ",
- "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0334.html"
- },
- {
- "name" : "sapgui-invalid-connect-dos(8007)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8007"
- },
- {
- "name" : "3972",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/3972"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of service (crash) via a connection to a high-numbered port, which generates an \"unknown connection data\" error."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20020128 Sapgui 4.6D for Windows",
+ "refsource": "BUGTRAQ",
+ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0334.html"
+ },
+ {
+ "name": "3972",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/3972"
+ },
+ {
+ "name": "sapgui-invalid-connect-dos(8007)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8007"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2002/2xxx/CVE-2002-2155.json b/2002/2xxx/CVE-2002-2155.json
index aa391e9fcfe..1fa4a09d624 100644
--- a/2002/2xxx/CVE-2002-2155.json
+++ b/2002/2xxx/CVE-2002-2155.json
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2155", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute arbitrary code via an invite to a channel with format string specifiers in the name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2155", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020801 Two more exploitable holes in the trillian irc module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/285695" - }, - { - "name" : "trillian-irc-format-string(9761)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9761.php" - }, - { - "name" : "5388", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the error handling of IRC invite responses for Trillian 0.725 and 0.73 allows remote IRC servers to execute 
arbitrary code via an invite to a channel with format string specifiers in the name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "trillian-irc-format-string(9761)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9761.php" + }, + { + "name": "20020801 Two more exploitable holes in the trillian irc module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/285695" + }, + { + "name": "5388", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5388" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2173.json b/2002/2xxx/CVE-2002-2173.json index ebbb7d0e5d6..c6dff3ce05f 100644 --- a/2002/2xxx/CVE-2002-2173.json +++ b/2002/2xxx/CVE-2002-2173.json 
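Review bot: The `reference_data` entries are reordered with no visible sort key: in this hunk the order becomes XF, BUGTRAQ, BID, while the CVE-2002-1579 hunk above starts from the same BUGTRAQ, XF, BID order and ends up BUGTRAQ, BID, XF. Two different permutations from the same input suggest unstable serializer output rather than an intended change, though that is inferred from these two hunks only. Emitting the array in a fixed order, for example sorted by `refsource` then `name`, or keeping the input order, would stop reordering noise from hiding real edits to these records. The new side also ends with `\ No newline at end of file`; keeping the trailing newline avoids a spurious one-line change on the next edit.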
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020801 Two more exploitable holes in the trillian irc module", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/285695" - }, - { - "name" : "trillian-irc-dcc-bo(9764)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9764.php" - }, - { - "name" : "5389", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5389" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing remote attackers to execute arbitrary code via a long DCC Chat message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5389", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5389" + }, + { + "name": "20020801 Two more exploitable holes in the trillian irc module", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/285695" + }, + { + "name": "trillian-irc-dcc-bo(9764)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9764.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2214.json b/2002/2xxx/CVE-2002-2214.json index db9174c858e..f57823b84ab 100644 --- a/2002/2xxx/CVE-2002-2214.json +++ b/2002/2xxx/CVE-2002-2214.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2214", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long \"To\" header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2002-2214", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040" - }, - { - "name" : "http://bugs.php.net/bug.php?id=15595", - "refsource" : "CONFIRM", - "url" : "http://bugs.php.net/bug.php?id=15595" - }, - { - "name" : "RHSA-2006:0567", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2006-0567.html" - }, - { - "name" : "21202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/21202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The 
php_if_imap_mime_header_decode function in the IMAP functionality in PHP before 4.2.2 allows remote attackers to cause a denial of service (crash) via an e-mail header with a long \"To\" header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugs.php.net/bug.php?id=15595", + "refsource": "CONFIRM", + "url": "http://bugs.php.net/bug.php?id=15595" + }, + { + "name": "21202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/21202" + }, + { + "name": "RHSA-2006:0567", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2006-0567.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=175040" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2394.json b/2002/2xxx/CVE-2002-2394.json index 300f7b9d6ea..3d8c0df5dfc 100644 --- a/2002/2xxx/CVE-2002-2394.json +++ b/2002/2xxx/CVE-2002-2394.json 
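Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, and it is the only field change here that is not whitespace or ordering. The same kind of change appears in the CVE-2005-1042 hunk (also `secalert@redhat.com`) and in the CVE-2009-1570 hunk (`PSIRT-CNA@flexerasoftware.com`), which continues past the visible part of the page. Consumers that use `ASSIGNER` for attribution, or to decide who may update a record, get a provenance change that is easy to miss inside a reformatting diff. If the reassignment is intended, it would be easier to check against the CNA's scope as its own commit, or called out in the commit message, which is not visible here.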
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020912 Bypassing TrendMicro InterScan VirusWall", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/291538" - }, - { - "name" : "5697", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5697" - }, - { - "name" : "interscan-chunked-transfer-bypass(10106)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10106.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote attackers to bypass virus protection and possibly execute arbitrary code via HTTP 1.1 chunked transfer encoding." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020912 Bypassing TrendMicro InterScan VirusWall", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/291538" + }, + { + "name": "interscan-chunked-transfer-bypass(10106)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10106.php" + }, + { + "name": "5697", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5697" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1042.json b/2005/1xxx/CVE-2005-1042.json index 84d81d12422..c510208c148 100644 --- a/2005/1xxx/CVE-2005-1042.json +++ b/2005/1xxx/CVE-2005-1042.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2005-1042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33&r2=1.118.2.34&ty=u", - "refsource" : "CONFIRM", - "url" : "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33&r2=1.118.2.34&ty=u" - }, - { - "name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021" - }, - { - "name" : "APPLE-SA-2005-06-08", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" - }, - { - "name" : "GLSA-200504-15", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml" - }, - { - "name" : "MDKSA-2005:072", - 
"refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" - }, - { - "name" : "RHSA-2005:405", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-405.html" - }, - { - "name" : "RHSA-2005:406", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2005-406.html" - }, - { - "name" : "USN-112-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/112-1/" - }, - { - "name" : "oval:org.mitre.oval:def:10822", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2005:406", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-406.html" + }, + { + "name": "MDKSA-2005:072", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:072" + }, + { + "name": "oval:org.mitre.oval:def:10822", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10822" + }, + { + "name": "GLSA-200504-15", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200504-15.xml" + }, + { + "name": "APPLE-SA-2005-06-08", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html" + }, + { + "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154021" + }, + { + "name": "USN-112-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/112-1/" + }, + { + "name": "RHSA-2005:405", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2005-405.html" + }, + { + "name": "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33&r2=1.118.2.34&ty=u", + "refsource": "CONFIRM", + "url": "http://cvs.php.net/diff.php/php-src/ext/exif/exif.c?r1=1.118.2.33&r2=1.118.2.34&ty=u" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1126.json b/2005/1xxx/CVE-2005-1126.json index 49107a04bdf..40a10fbce2a 100644 --- a/2005/1xxx/CVE-2005-1126.json +++ b/2005/1xxx/CVE-2005-1126.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1126", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1126", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2005-10-31", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html" - }, - { - "name" : "FreeBSD-SA-05:04", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc" - }, - { - "name" : "15252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/15252" - }, - { - "name" : "ADV-2005-2256", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/2256" - }, - { - "name" : "15514", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15514" - }, - { - "name" : "14959", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/14959" - }, 
- { - "name" : "17368", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/17368" - }, - { - "name" : "freebsd-ifconf-information-disclosure(20114)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-2256", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/2256" + }, + { + "name": "14959", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/14959" + }, + { + "name": "17368", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/17368" + }, + { + "name": "FreeBSD-SA-05:04", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc" + }, + { + "name": "APPLE-SA-2005-10-31", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html" + }, + { + "name": "15252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/15252" + }, + { + "name": "15514", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15514" + }, + { + "name": "freebsd-ifconf-information-disclosure(20114)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20114" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1252.json b/2005/1xxx/CVE-2005-1252.json index 827877dbcb0..7c70b3381fc 100644 --- a/2005/1xxx/CVE-2005-1252.json 
+++ b/2005/1xxx/CVE-2005-1252.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1252", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1252", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050524 Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities" - }, - { - "name" : "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", - "refsource" : "CONFIRM", - "url" : "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" - }, - { - "name" : "13727", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13727" - }, - { - "name" : "1014047", - "refsource" : "SECTRACK", - "url" : 
"http://securitytracker.com/id?1014047" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the Web Calendaring server in Ipswitch Imail 8.13, and other versions before IMail Server 8.2 Hotfix 2, allows remote attackers to read arbitrary files via \"..\\\" (dot dot backslash) sequences in the query string argument in a GET request to a non-existent .jsp file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050524 Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability", + "refsource": "IDEFENSE", + "url": "http://www.idefense.com/application/poi/display?id=242&type=vulnerabilities" + }, + { + "name": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html", + "refsource": "CONFIRM", + "url": "http://www.ipswitch.com/support/imail/releases/imail_professional/im82hf2.html" + }, + { + "name": "13727", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13727" + }, + { + "name": "1014047", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014047" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1647.json b/2005/1xxx/CVE-2005-1647.json index 3f79921e7cc..fcf56e08620 100644 --- a/2005/1xxx/CVE-2005-1647.json +++ b/2005/1xxx/CVE-2005-1647.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050515 Gurgens Guest Book Password Database Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0351.html" - }, - { - "name" : "1013976", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013976" - }, - { - "name" : "15373", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote 
attackers to obtain and decrypt usernames and passwords." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "15373", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15373" + }, + { + "name": "1013976", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013976" + }, + { + "name": "20050515 Gurgens Guest Book Password Database Vulnerability", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0351.html" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1038.json b/2009/1xxx/CVE-2009-1038.json index 4f48d43ffca..ad77e97fd97 100644 --- a/2009/1xxx/CVE-2009-1038.json +++ b/2009/1xxx/CVE-2009-1038.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8217", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8217" - }, - { - "name" : "34274", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34274" - }, - { - "name" : "52761", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52761" - }, - { - "name" : "52762", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/52762" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to 
execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8217", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8217" + }, + { + "name": "52762", + "refsource": "OSVDB", + "url": "http://osvdb.org/52762" + }, + { + "name": "52761", + "refsource": "OSVDB", + "url": "http://osvdb.org/52761" + }, + { + "name": "34274", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34274" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1489.json b/2009/1xxx/CVE-2009-1489.json index 3dbbbff9806..2024718df6b 100644 --- a/2009/1xxx/CVE-2009-1489.json +++ b/2009/1xxx/CVE-2009-1489.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "includes/user.php in Fungamez RC1 allows remote attackers to bypass authentication and gain administrative access by setting the user cookie parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090420 Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=124025031126068&w=2" - }, - { - "name" : "8493", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8493" - }, - { - "name" : "ADV-2009-1117", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1117" - }, - { - "name" : "fungamez-user-auth-bypass(50424)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50424" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "includes/user.php in Fungamez RC1 allows remote 
attackers to bypass authentication and gain administrative access by setting the user cookie parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "fungamez-user-auth-bypass(50424)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50424" + }, + { + "name": "20090420 Multiple Remote Vulnerabilities--SQLi-(INSECURE-COOKIE-HANDLING)-LFI-->", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=124025031126068&w=2" + }, + { + "name": "ADV-2009-1117", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1117" + }, + { + "name": "8493", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8493" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1570.json b/2009/1xxx/CVE-2009-1570.json index b8482888e2c..89039bcbed8 100644 --- a/2009/1xxx/CVE-2009-1570.json +++ b/2009/1xxx/CVE-2009-1570.json 
@@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2009-1570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/507813/100/0/threaded" - }, - { - "name" : "http://secunia.com/secunia_research/2009-42/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2009-42/" - }, - { - "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=600484", - "refsource" : "MISC", - "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=600484" - }, - { - "name" : "http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe", - "refsource" : "CONFIRM", - "url" : 
"http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe" - }, - { - "name" : "GLSA-201209-23", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201209-23.xml" - }, - { - "name" : "RHSA-2011:0837", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0837.html" - }, - { - "name" : "RHSA-2011:0838", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2011-0838.html" - }, - { - "name" : "SUSE-SR:2010:009", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" - }, - { - "name" : "37006", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/37006" - }, - { - "name" : "59930", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/59930" - }, - { - "name" : "oval:org.mitre.oval:def:8290", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290" - }, - { - "name" : "37232", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37232" - }, - { - "name" : "50737", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50737" - }, - { - "name" : "ADV-2009-3228", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3228" - }, - { - "name" : "ADV-2009-3564", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/3564" - }, - { - "name" : "ADV-2010-1021", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2010/1021" - }, - { - "name" : "gimp-readimage-bo(54254)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54254" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 
might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201209-23", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201209-23.xml" + }, + { + "name": "ADV-2009-3564", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3564" + }, + { + "name": "37006", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/37006" + }, + { + "name": "ADV-2009-3228", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/3228" + }, + { + "name": "RHSA-2011:0837", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0837.html" + }, + { + "name": "http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe", + "refsource": "CONFIRM", + "url": "http://git.gnome.org/cgit/gimp/commit/?h=gimp-2-6&id=df2b0aca2e7cdb95ebfd3454c65aaba0a83e9bbe" + }, + { + "name": "RHSA-2011:0838", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2011-0838.html" + }, + { + "name": "SUSE-SR:2010:009", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00002.html" + }, + { + "name": "gimp-readimage-bo(54254)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54254" + }, + { + "name": "oval:org.mitre.oval:def:8290", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8290" + }, + { + "name": "37232", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37232" + }, + { + "name": "50737", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50737" + }, + { + "name": 
"http://secunia.com/secunia_research/2009-42/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2009-42/" + }, + { + "name": "ADV-2010-1021", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2010/1021" + }, + { + "name": "20091112 Secunia Research: Gimp BMP Image Parsing Integer Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/507813/100/0/threaded" + }, + { + "name": "https://bugzilla.gnome.org/show_bug.cgi?id=600484", + "refsource": "MISC", + "url": "https://bugzilla.gnome.org/show_bug.cgi?id=600484" + }, + { + "name": "59930", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/59930" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1587.json b/2009/1xxx/CVE-2009-1587.json index 168e2c983c9..6751b916233 100644 --- a/2009/1xxx/CVE-2009-1587.json +++ b/2009/1xxx/CVE-2009-1587.json 
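Review bot: The `ASSIGNER` value in the CVE-2009-1570 hunk changes from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com`, and it is the only change of content in a hunk that otherwise rewrites every line for colon spacing and reorders `reference_data` without adding or removing an entry. The same buried change of assigner appears in the hunks for CVE-2012-0233, CVE-2012-0245, CVE-2012-3217, CVE-2012-3324, CVE-2012-3445 and CVE-2012-4478. Any consumer that uses this field for CNA attribution would see a change of provenance that is hard to audit in this form. Landing the reformat separately and keeping `reference_data` in its previous order would leave `"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",` as the single changed line here. The new side also ends without a trailing newline, which presumably comes from the serializer and is worth restoring for files kept in version control.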
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "8604", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/8604" - }, - { - "name" : "54203", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/54203" - }, - { - "name" : "34995", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34995" - }, - { - "name" : "ADV-2009-1249", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1249" - }, - { - "name" : "phpsitelock-index-security-bypass(50304)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34995", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34995" + }, + { + "name": "8604", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/8604" + }, + { + "name": "54203", + "refsource": "OSVDB", + "url": "http://osvdb.org/54203" + }, + { + "name": "phpsitelock-index-security-bypass(50304)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50304" + }, + { + "name": "ADV-2009-1249", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1249" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0233.json b/2012/0xxx/CVE-2012-0233.json index 672e8754722..f92cce0b3e7 100644 --- a/2012/0xxx/CVE-2012-0233.json +++ b/2012/0xxx/CVE-2012-0233.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" - }, - { - "name" : "52051", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52051" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf" + }, + { + "name": "52051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52051" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0245.json b/2012/0xxx/CVE-2012-0245.json index 77d3fc08af8..45b164e323f 100644 --- a/2012/0xxx/CVE-2012-0245.json +++ b/2012/0xxx/CVE-2012-0245.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-0245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html" - }, - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-12-033/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-12-033/" - }, - { - "name" : 
"http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf", - "refsource" : "CONFIRM", - "url" : "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf" - }, - { - "name" : "52123", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52123" - }, - { - "name" : "48090", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48090" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48090", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48090" + }, + { + "name": "52123", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52123" + }, + { + "name": "20120222 ZDI-12-033 : ABB WebWare RobNetScanHost.exe Remote Code Execution Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0125.html" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-059-01.pdf" + }, + { + "name": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf", + "refsource": "CONFIRM", + "url": "http://www05.abb.com/global/scot/scot348.nsf/veritydisplay/f261be074480dc24c12579a00049ecd5/$file/si10227a1%20vulnerability%20security%20advisory.pdf" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-12-033/" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0302.json b/2012/0xxx/CVE-2012-0302.json index 3ba1b01dc68..91ace5dcf1a 100644 --- a/2012/0xxx/CVE-2012-0302.json +++ b/2012/0xxx/CVE-2012-0302.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00" - }, - { - "name" : "54134", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54134" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject 
arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00" + }, + { + "name": "54134", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54134" + } + ] + } +} \ No newline at end of file diff --git a/2012/2xxx/CVE-2012-2533.json b/2012/2xxx/CVE-2012-2533.json index b3f22a49d8a..71983600117 100644 --- a/2012/2xxx/CVE-2012-2533.json +++ b/2012/2xxx/CVE-2012-2533.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-2533", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-2533", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3217.json b/2012/3xxx/CVE-2012-3217.json index ed7b0ccbbe8..ba71f2af570 100644 
--- a/2012/3xxx/CVE-2012-3217.json +++ b/2012/3xxx/CVE-2012-3217.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MS12-080", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080" - }, - { - "name" : "MS13-013", - "refsource" : "MS", 
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-013" - }, - { - "name" : "TA12-346A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" - }, - { - "name" : "TA13-043B", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" - }, - { - "name" : "86392", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86392" - }, - { - "name" : "oval:org.mitre.oval:def:15911", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15911" - }, - { - "name" : "oval:org.mitre.oval:def:16080", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "TA12-346A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html" + }, + { + "name": "oval:org.mitre.oval:def:16080", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16080" + }, + { + "name": "MS13-013", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-013" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "MS12-080", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "TA13-043B", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" + }, + { + "name": "86392", + "refsource": "OSVDB", + "url": "http://osvdb.org/86392" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "oval:org.mitre.oval:def:15911", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15911" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3324.json b/2012/3xxx/CVE-2012-3324.json index cbda3622f24..c1f707bd988 100644 --- a/2012/3xxx/CVE-2012-3324.json +++ b/2012/3xxx/CVE-2012-3324.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21611040", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21611040" - }, - { - "name" : "IC85513", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513" - }, - { - "name" : "db2-utlfile-dir-traversal(77924)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77924" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before 
FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21611040" + }, + { + "name": "db2-utlfile-dir-traversal(77924)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77924" + }, + { + "name": "IC85513", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85513" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3445.json b/2012/3xxx/CVE-2012-3445.json index 7ea808a4ebc..77713ddae5a 100644 --- a/2012/3xxx/CVE-2012-3445.json +++ b/2012/3xxx/CVE-2012-3445.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear", - "refsource" : "MLIST", - "url" : "https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html" - }, - { - "name" : "[oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/07/31/4" - }, - { - "name" : "[oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear", - "refsource" : "MLIST", - "url" : 
"http://www.openwall.com/lists/oss-security/2012/07/31/7" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=844734", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=844734" - }, - { - "name" : "RHSA-2012:1202", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1202.html" - }, - { - "name" : "openSUSE-SU-2012:0991", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html" - }, - { - "name" : "54748", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54748" - }, - { - "name" : "50118", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50118" - }, - { - "name" : "50299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50299" - }, - { - "name" : "50372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of service (libvirtd crash) via an RPC command with nparams set to zero, which triggers an out-of-bounds read or a free of an invalid pointer." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "50118", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50118" + }, + { + "name": "54748", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54748" + }, + { + "name": "[libvirt] 20120730 [PATCH] daemon: Fix crash in virTypedParameterArrayClear", + "refsource": "MLIST", + "url": "https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html" + }, + { + "name": "[oss-security] 20120731 CVE Request -- libvirt: crash in virTypedParameterArrayClear", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/31/4" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=844734", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=844734" + }, + { + "name": "RHSA-2012:1202", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1202.html" + }, + { + "name": "50299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50299" + }, + { + "name": "50372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50372" + }, + { + "name": "[oss-security] 20120731 Re: CVE Request -- libvirt: crash in virTypedParameterArrayClear", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/07/31/7" + }, + { + "name": "openSUSE-SU-2012:0991", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00023.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4478.json b/2012/4xxx/CVE-2012-4478.json index 4c441398550..cc5ad336812 100644 --- a/2012/4xxx/CVE-2012-4478.json +++ b/2012/4xxx/CVE-2012-4478.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/04/5" - }, - { - "name" : "http://drupal.org/node/1679442", - "refsource" : "MISC", - "url" : "http://drupal.org/node/1679442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to hijack the authentication of administrators." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/04/5" + }, + { + "name": "http://drupal.org/node/1679442", + "refsource": "MISC", + "url": "http://drupal.org/node/1679442" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4534.json b/2012/4xxx/CVE-2012-4534.json index 9d960ec2387..e5abbb7f2dd 100644 --- a/2012/4xxx/CVE-2012-4534.json +++ b/2012/4xxx/CVE-2012-4534.json 
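Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this hunk, while every other changed line is only colon spacing, indentation or reference order. The same kind of change appears in the CVE-2012-4534 hunk (also to `secalert@redhat.com`) and the CVE-2012-6395 hunk (to `psirt@cisco.com`). A provenance field rewritten inside a bulk reformat is easy to miss in review, and consumers that attribute or route records by assigner get a real data change that looks like formatting noise. It would be clearer to land the `ASSIGNER` corrections in their own commit, or at least to name them in the commit message, which is not visible here and may already do so.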
@@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4534", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4534", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121204 CVE-2012-4534 Apache Tomcat denial of service", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html" - }, - { - "name" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218" - }, - { - "name" : 
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218" - }, - { - "name" : "http://svn.apache.org/viewvc?view=revision&revision=1340218", - "refsource" : "CONFIRM", - "url" : "http://svn.apache.org/viewvc?view=revision&revision=1340218" - }, - { - "name" : "http://tomcat.apache.org/security-6.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-6.html" - }, - { - "name" : "http://tomcat.apache.org/security-7.html", - "refsource" : "CONFIRM", - "url" : "http://tomcat.apache.org/security-7.html" - }, - { - "name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=52858", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=52858" - }, - { - "name" : "HPSBMU02873", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" - }, - { - "name" : "SSRT101182", - "refsource" : "HP", - "url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" - }, - { - "name" : "HPSBST02955", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" - }, - { - "name" : "HPSBUX02866", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "SSRT101139", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=136612293908376&w=2" - }, - { - "name" : "RHSA-2013:0623", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0623.html" - }, - { - "name" : "openSUSE-SU-2013:0161", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html" - }, - { - "name" : "openSUSE-SU-2013:0170", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html" - }, - { - "name" : "openSUSE-SU-2013:0192", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html" - }, - { - "name" : "USN-1685-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1685-1" - }, - { - "name" : "56813", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56813" - }, - { - "name" : "oval:org.mitre.oval:def:19398", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398" - }, - { - "name" : "1027836", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027836" - }, - { - "name" : "57126", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57126" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT101139", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "http://svn.apache.org/viewvc?view=revision&revision=1340218", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc?view=revision&revision=1340218" + }, + { + "name": "openSUSE-SU-2013:0161", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html" + }, + { + "name": "USN-1685-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1685-1" + }, + { + "name": "1027836", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027836" + }, + { + "name": "openSUSE-SU-2013:0192", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html" + }, + { + "name": "SSRT101182", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" + }, + { + "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52858", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=52858" + }, + { + "name": "openSUSE-SU-2013:0170", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html" + }, + { + "name": "http://tomcat.apache.org/security-7.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-7.html" + }, + { + "name": "HPSBMU02873", + "refsource": "HP", + "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878" + }, + { + "name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218", + "refsource": "CONFIRM", + "url": 
"http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218" + }, + { + "name": "http://tomcat.apache.org/security-6.html", + "refsource": "CONFIRM", + "url": "http://tomcat.apache.org/security-6.html" + }, + { + "name": "57126", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57126" + }, + { + "name": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218", + "refsource": "CONFIRM", + "url": "http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218" + }, + { + "name": "RHSA-2013:0623", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0623.html" + }, + { + "name": "20121204 CVE-2012-4534 Apache Tomcat denial of service", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html" + }, + { + "name": "oval:org.mitre.oval:def:19398", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398" + }, + { + "name": "56813", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56813" + }, + { + "name": "HPSBUX02866", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" + }, + { + "name": "HPSBST02955", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6395.json b/2012/6xxx/CVE-2012-6395.json index 73d21a9be4a..3c9af7d2065 100644 --- a/2012/6xxx/CVE-2012-6395.json +++ b/2012/6xxx/CVE-2012-6395.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6395", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-6395", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130112 Cisco Adaptive Security Appliance CIFS UNC Input Validation Issue", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6395" - }, - { - "name" : "1028009", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1028009" - }, - { - "name" : "51955", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do 
not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51955", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51955" + }, + { + "name": "1028009", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1028009" + }, + { + "name": "20130112 Cisco Adaptive Security Appliance CIFS UNC Input Validation Issue", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6395" + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6673.json b/2012/6xxx/CVE-2012-6673.json index 368fa17b3e8..699cc30c7af 100644 --- a/2012/6xxx/CVE-2012-6673.json +++ b/2012/6xxx/CVE-2012-6673.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6673", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6673", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2028.json b/2017/2xxx/CVE-2017-2028.json index ff0c7c255d6..fd3aa4aded9 100644 --- a/2017/2xxx/CVE-2017-2028.json +++ b/2017/2xxx/CVE-2017-2028.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2028", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2028", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2038.json b/2017/2xxx/CVE-2017-2038.json index e850c50456c..8ced90ac844 100644 --- a/2017/2xxx/CVE-2017-2038.json +++ b/2017/2xxx/CVE-2017-2038.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2038", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2038", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2185.json b/2017/2xxx/CVE-2017-2185.json index 99745c0a0f6..d5404324b48 100644 --- a/2017/2xxx/CVE-2017-2185.json +++ b/2017/2xxx/CVE-2017-2185.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "HOME SPOT CUBE2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware V101 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "KDDI CORPORATION" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via WebUI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "OS Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "HOME SPOT CUBE2", + "version": { + "version_data": [ + { + "version_value": "firmware V101 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "KDDI CORPORATION" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.au.com/information/notice_mobile/update/update-20170612-01/", - "refsource" : "CONFIRM", - "url" : "https://www.au.com/information/notice_mobile/update/update-20170612-01/" - }, - { - "name" : "JVN#24348065", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN24348065/index.html" - }, - { - "name" : "99282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99282" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via 
WebUI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "OS Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/", + "refsource": "CONFIRM", + "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/" + }, + { + "name": "99282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99282" + }, + { + "name": "JVN#24348065", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN24348065/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2336.json b/2017/2xxx/CVE-2017-2336.json index ca36822e57b..80ffab980ee 100644 --- a/2017/2xxx/CVE-2017-2336.json +++ b/2017/2xxx/CVE-2017-2336.json 
@@ -1,104 +1,104 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-07-12T09:00", - "ID" : "CVE-2017-2336", - "STATE" : "PUBLIC", - "TITLE" : "ScreenOS: XSS vulnerability in ScreenOS Firewall" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ScreenOS", - "version" : { - "version_data" : [ - { - "platform" : "SSG Series", - "version_value" : "6.3.0 prior to 6.3.0r24" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [], - "credit" : [ - "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.", - "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." - ], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." 
- } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.6, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "CHANGED", - "userInteraction" : "REQUIRED", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "reflected cross site scripting vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-07-12T09:00", + "ID": "CVE-2017-2336", + "STATE": "PUBLIC", + "TITLE": "ScreenOS: XSS vulnerability in ScreenOS Firewall" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ScreenOS", + "version": { + "version_data": [ + { + "platform": "SSG Series", + "version_value": "6.3.0 prior to 6.3.0r24" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10782", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10782" - }, - { - "name" : "99590", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99590" - }, - { - "name" : "1038881", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038881" - } - ] - }, - "solution" : "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities fixed?\" describes which 
release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", - "work_around" : [ - { - "lang" : "eng", - "value" : "Use access lists or firewall filters to limit access to the firewall's WebUI only from trusted hosts." - } - ] -} + } + }, + "configuration": [], + "credit": [ + "Gaku Mochizuki/Toshitsugu Yoneyama from Mitsui Bussan Secure Directions, Inc., for reporting this issue to the JPCERT/CC.", + "Craig Young, Principal Security Researcher, Tripwire VERT, for responsibly reporting this vulnerability." + ], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a network based attacker to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the attacker to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue." 
+ } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "reflected cross site scripting vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10782", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10782" + }, + { + "name": "1038881", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038881" + }, + { + "name": "99590", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99590" + } + ] + }, + "solution": "ScreenOS has been updated to add checks to prevent scripts in WebUI strings.\n\nThe following software release has been updated to resolve this specific issue: ScreenOS 6.3.0r24, and all subsequent releases.\n\nThis issue is being tracked as PR 1136628 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", + "work_around": [ + { + "lang": "eng", + "value": "Use access lists or firewall filters to limit access to the firewall's WebUI only from trusted hosts." + } + ] +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2467.json b/2017/2xxx/CVE-2017-2467.json index d70e5ceb120..79cdf8ce272 100644 --- a/2017/2xxx/CVE-2017-2467.json +++ b/2017/2xxx/CVE-2017-2467.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2876.json b/2017/2xxx/CVE-2017-2876.json index 3b7cd453da5..461ec92e170 100644 --- a/2017/2xxx/CVE-2017-2876.json +++ b/2017/2xxx/CVE-2017-2876.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-2876", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foscam C1 Indoor HD Camera", - "version" : { - "version_data" : [ - { - "version_value" : "Foscam Indoor IP Camera C1 Series.System Firmware Version: 1.9.3.18.Application Firmware Version: 2.52.2.43.Plug-In Version: 3.3.0.26" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Stack-based Buffer Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-2876", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foscam C1 Indoor HD Camera", + "version": { + "version_data": [ + { + "version_value": "Foscam Indoor IP Camera C1 Series.System Firmware Version: 1.9.3.18.Application Firmware Version: 2.52.2.43.Plug-In Version: 3.3.0.26" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0383", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0383" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Stack-based Buffer Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0383", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0383" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2954.json b/2017/2xxx/CVE-2017-2954.json index 2ca9a83724d..f54e7b4e5b0 100644 --- a/2017/2xxx/CVE-2017-2954.json 
+++ b/2017/2xxx/CVE-2017-2954.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95345" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when handling malformed TIFF images. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95345" + }, + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6987.json b/2017/6xxx/CVE-2017-6987.json index 86e7f25f13b..f2d92e6132a 100644 --- a/2017/6xxx/CVE-2017-6987.json +++ b/2017/6xxx/CVE-2017-6987.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6987", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6987", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207800", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207800" - }, - { - "name" : "https://support.apple.com/HT207801", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207801" - }, - { - "name" : "98468", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/98468" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + }, + { + "name": "https://support.apple.com/HT207800", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207800" + }, + { + "name": "98468", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98468" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + }, + { + "name": "https://support.apple.com/HT207801", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207801" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7675.json b/2017/7xxx/CVE-2017-7675.json index 428713722f7..e2ab07e1330 100644 --- a/2017/7xxx/CVE-2017-7675.json +++ b/2017/7xxx/CVE-2017-7675.json 
@@ -1,81 +1,81 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-08-10T00:00:00", - "ID" : "CVE-2017-7675", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Tomcat", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.M1 to 9.0.0.M21" - }, - { - "version_value" : "8.5.0 to 8.5.15" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-08-10T00:00:00", + "ID": "CVE-2017-7675", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Tomcat", + "version": { + "version_data": [ + { + "version_value": "9.0.0.M1 to 9.0.0.M21" + }, + { + "version_value": "8.5.0 to 8.5.15" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20170810 [UPDATE][SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180614-0003/", - "refsource" : "CONFIRM", 
- "url" : "https://security.netapp.com/advisory/ntap-20180614-0003/" - }, - { - "name" : "DSA-3974", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3974" - }, - { - "name" : "100256", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100256" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100256", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100256" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180614-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180614-0003/" + }, + { + "name": "DSA-3974", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3974" + }, + { + "name": "[announce] 20170810 [UPDATE][SECURITY] CVE-2017-7675 Apache Tomcat Security Constraint Bypass", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/d3a5818e8af731bde6a05ef031ed3acc093c6dd7c4bfcc4936eafd6c@%3Cannounce.tomcat.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7947.json b/2017/7xxx/CVE-2017-7947.json index 41ed983f452..63aae1902bb 100644 --- a/2017/7xxx/CVE-2017-7947.json +++ b/2017/7xxx/CVE-2017-7947.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7947", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7947", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.netapp.com/support/s/article/NTAP-20170630-0001", - "refsource" : "CONFIRM", - "url" : "https://kb.netapp.com/support/s/article/NTAP-20170630-0001" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.netapp.com/support/s/article/NTAP-20170630-0001", + "refsource": "CONFIRM", + "url": "https://kb.netapp.com/support/s/article/NTAP-20170630-0001" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11212.json b/2018/11xxx/CVE-2018-11212.json index 1d08e022185..7a287a99c91 100644 --- a/2018/11xxx/CVE-2018-11212.json +++ b/2018/11xxx/CVE-2018-11212.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-11212", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-11212", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" - }, - { - "name" : "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a", - "refsource" : "MISC", - "url" : "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a" - }, - { - "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", - "refsource" : "CONFIRM", - "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20190118-0001/", - "refsource" : "CONFIRM", - "url" : 
"https://security.netapp.com/advisory/ntap-20190118-0001/" - }, - { - "name" : "RHSA-2019:0469", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0469" - }, - { - "name" : "RHSA-2019:0472", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0472" - }, - { - "name" : "RHSA-2019:0473", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0473" - }, - { - "name" : "RHSA-2019:0474", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2019:0474" - }, - { - "name" : "USN-3706-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3706-1/" - }, - { - "name" : "USN-3706-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3706-2/" - }, - { - "name" : "106583", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in libjpeg 9a. The alloc_sarray function in jmemmgr.c allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "106583", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106583" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20190118-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20190118-0001/" + }, + { + "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", + "refsource": "CONFIRM", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" + }, + { + "name": "USN-3706-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3706-2/" + }, + { + "name": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a", + "refsource": "MISC", + "url": "https://github.com/ChijinZ/security_advisories/tree/master/libjpeg-v9a" + }, + { + "name": "RHSA-2019:0474", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0474" + }, + { + "name": "USN-3706-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3706-1/" + }, + { + "name": "[debian-lts-announce] 20190122 [SECURITY] [DLA 1638-1] libjpeg-turbo security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00015.html" + }, + { + "name": "RHSA-2019:0469", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0469" + }, + { + "name": "RHSA-2019:0473", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0473" + }, + { + "name": "RHSA-2019:0472", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2019:0472" + } + ] + } +} \ No newline at end of file diff --git a/2018/11xxx/CVE-2018-11849.json b/2018/11xxx/CVE-2018-11849.json index 5aa3566f731..cbf1ecb70d1 100644 --- a/2018/11xxx/CVE-2018-11849.json +++ b/2018/11xxx/CVE-2018-11849.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2018-11849", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", - "version" : { - "version_data" : [ - { - "version_value" : "IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy Without Checking Size of Input in WLAN" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2018-11849", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Snapdragon Automobile, 
Snapdragon Mobile, Snapdragon Wear", + "version": { + "version_data": [ + { + "version_value": "IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.qualcomm.com/company/product-security/bulletins", - "refsource" : "CONFIRM", - "url" : "https://www.qualcomm.com/company/product-security/bulletins" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy Without Checking Size of Input in WLAN" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.qualcomm.com/company/product-security/bulletins", + "refsource": "CONFIRM", + "url": "https://www.qualcomm.com/company/product-security/bulletins" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14363.json b/2018/14xxx/CVE-2018-14363.json index a5d7bea9862..e99436db12b 100644 --- a/2018/14xxx/CVE-2018-14363.json +++ b/2018/14xxx/CVE-2018-14363.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14363", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14363", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" - }, - { - "name" : "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e", - "refsource" : "MISC", - "url" : "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" - }, - { - "name" : "https://neomutt.org/2018/07/16/release", - "refsource" : "MISC", - "url" : "https://neomutt.org/2018/07/16/release" - }, - { - "name" : "DSA-4277", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-4277", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4277" + }, + { + "name": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e", + "refsource": "MISC", + "url": "https://github.com/neomutt/neomutt/commit/9bfab35522301794483f8f9ed60820bdec9be59e" + }, + { + "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" + }, + { + "name": "https://neomutt.org/2018/07/16/release", + "refsource": "MISC", + "url": "https://neomutt.org/2018/07/16/release" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14602.json b/2018/14xxx/CVE-2018-14602.json index e7df8973d63..f65aa6d883b 100644 --- a/2018/14xxx/CVE-2018-14602.json +++ b/2018/14xxx/CVE-2018-14602.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14602", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14602", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/", - "refsource" : "MISC", - "url" : "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/" - }, - { - "name" : "https://gitlab.com/gitlab-com/infrastructure/issues/4423", - "refsource" : "CONFIRM", - "url" : "https://gitlab.com/gitlab-com/infrastructure/issues/4423" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. 
Information Disclosure can occur because the Prometheus metrics feature discloses private project pathnames." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/", + "refsource": "MISC", + "url": "https://about.gitlab.com/2018/07/26/security-release-gitlab-11-dot-1-dot-2-released/" + }, + { + "name": "https://gitlab.com/gitlab-com/infrastructure/issues/4423", + "refsource": "CONFIRM", + "url": "https://gitlab.com/gitlab-com/infrastructure/issues/4423" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14732.json b/2018/14xxx/CVE-2018-14732.json index cacaaf842e9..1f2ba19c0e5 100644 --- a/2018/14xxx/CVE-2018-14732.json +++ b/2018/14xxx/CVE-2018-14732.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages", - "refsource" : "MISC", - "url" : "https://blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages" - }, - { - "name" : "https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10", - "refsource" : "CONFIRM", - "url" : "https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10" - }, - { - "name" : "https://github.com/webpack/webpack-dev-server/issues/1445", - "refsource" : 
"CONFIRM", - "url" : "https://github.com/webpack/webpack-dev-server/issues/1445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.6. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/webpack/webpack-dev-server/issues/1445", + "refsource": "CONFIRM", + "url": "https://github.com/webpack/webpack-dev-server/issues/1445" + }, + { + "name": "https://blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages", + "refsource": "MISC", + "url": "https://blog.cal1.cn/post/Sniffing%20Codes%20in%20Hot%20Module%20Reloading%20Messages" + }, + { + "name": "https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10", + "refsource": "CONFIRM", + "url": "https://github.com/webpack/webpack-dev-server/commit/f18e5adf123221a1015be63e1ca2491ca45b8d10" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14735.json b/2018/14xxx/CVE-2018-14735.json index ae4029d576f..d3ed486d7b1 100644 --- a/2018/14xxx/CVE-2018-14735.json +++ b/2018/14xxx/CVE-2018-14735.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-123/", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-123/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Information Exposure issue was discovered in Hitachi Command Suite 8.5.3. A remote attacker may be able to exploit a flaw in the permission of messaging that may allow for information exposure via a crafted message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-123/", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2018-123/" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15236.json b/2018/15xxx/CVE-2018-15236.json index 98d2c821b9b..67c4dfb0767 100644 --- a/2018/15xxx/CVE-2018-15236.json +++ b/2018/15xxx/CVE-2018-15236.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15236", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15236", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15300.json b/2018/15xxx/CVE-2018-15300.json index 2ec72c0d070..e70f7269d8f 100644 --- a/2018/15xxx/CVE-2018-15300.json +++ b/2018/15xxx/CVE-2018-15300.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15300", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15300", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15544.json b/2018/15xxx/CVE-2018-15544.json index 013525b818d..bbf3627d11a 100644 --- a/2018/15xxx/CVE-2018-15544.json +++ b/2018/15xxx/CVE-2018-15544.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15544", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15544", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15949.json b/2018/15xxx/CVE-2018-15949.json index d4951bcaa18..7dd944b014a 100644 --- a/2018/15xxx/CVE-2018-15949.json +++ b/2018/15xxx/CVE-2018-15949.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2018-15949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat and Reader", - "version" : { - "version_data" : [ - { - "version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "Adobe" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Out-of-bounds read" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2018-15949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat and Reader", + "version": { + "version_data": [ + { + "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "Adobe" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" - }, - { - "name" : "105439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105439" - }, - { - "name" : "1041809", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041809" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Out-of-bounds read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1041809", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041809" + }, + { + "name": "105439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105439" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20065.json b/2018/20xxx/CVE-2018-20065.json index b7a158b15ce..f95c28e1c51 100644 --- a/2018/20xxx/CVE-2018-20065.json +++ b/2018/20xxx/CVE-2018-20065.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "chrome-cve-admin@google.com", - "ID" : "CVE-2018-20065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Chrome", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "71.0.3578.80" - } - ] - } - } - ] - }, - "vendor_name" : "Google" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate potentially unsafe navigations without a user gesture via a crafted PDF file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Inappropriate implementation" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2018-20065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Chrome", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "71.0.3578.80" + } + ] + } + } + ] + }, + "vendor_name": "Google" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://crbug.com/851821", - "refsource" : "MISC", - "url" : "https://crbug.com/851821" - }, - { - "name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", - "refsource" : "CONFIRM", - "url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Handling of URI action in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to initiate 
potentially unsafe navigations without a user gesture via a crafted PDF file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Inappropriate implementation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://crbug.com/851821", + "refsource": "MISC", + "url": "https://crbug.com/851821" + }, + { + "name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", + "refsource": "CONFIRM", + "url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20635.json b/2018/20xxx/CVE-2018-20635.json index 3a3d0885c7b..92770426f37 100644 --- a/2018/20xxx/CVE-2018-20635.json +++ b/2018/20xxx/CVE-2018-20635.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20635", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20635", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
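Review bot: In the CVE-2018-20065.json hunk the `ASSIGNER` value itself changes, from `chrome-cve-admin@google.com` to `security@google.com`, while every other visible line of the hunk differs only in spacing. The CVE-2018-9866.json hunk further down does the same with a case change, `psirt@sonicwall.com` to `PSIRT@sonicwall.com`. Tooling that attributes records to a CNA by comparing `ASSIGNER` as an exact string may treat these as different assigners, so these two edits belong in their own commit or should at least be named in the commit message. If the rewrite is unintended, the new side should keep `"ASSIGNER": "chrome-cve-admin@google.com"` and `"ASSIGNER": "psirt@sonicwall.com"`.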
diff --git a/2018/20xxx/CVE-2018-20735.json b/2018/20xxx/CVE-2018-20735.json index 379edba884e..cedbb72475f 100644 --- a/2018/20xxx/CVE-2018-20735.json +++ b/2018/20xxx/CVE-2018-20735.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20735", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20735", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.securifera.com/blog/2018/12/17/bmc-patrol-agent-domain-user-to-domain-admin/", - "refsource" : "MISC", - "url" : "https://www.securifera.com/blog/2018/12/17/bmc-patrol-agent-domain-user-to-domain-admin/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in BMC PATROL Agent through 11.3.01. It was found that the PatrolCli application can allow for lateral movement and escalation of privilege inside a Windows Active Directory environment. It was found that by default the PatrolCli / PATROL Agent application only verifies if the password provided for the given username is correct; it does not verify the permissions of the user on the network. This means if you have PATROL Agent installed on a high value target (domain controller), you can use a low privileged domain user to authenticate with PatrolCli and then connect to the domain controller and run commands as SYSTEM. This means any user on a domain can escalate to domain admin through PATROL Agent. NOTE: the vendor disputes this because they believe it is adequate to prevent this escalation by means of a custom, non-default configuration." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.securifera.com/blog/2018/12/17/bmc-patrol-agent-domain-user-to-domain-admin/", + "refsource": "MISC", + "url": "https://www.securifera.com/blog/2018/12/17/bmc-patrol-agent-domain-user-to-domain-admin/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9215.json b/2018/9xxx/CVE-2018-9215.json index d25cea57558..840bffcf226 100644 --- a/2018/9xxx/CVE-2018-9215.json +++ b/2018/9xxx/CVE-2018-9215.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9215", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9215", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9866.json b/2018/9xxx/CVE-2018-9866.json index 6ad9cbbce16..b9ed099741e 100644 --- a/2018/9xxx/CVE-2018-9866.json +++ b/2018/9xxx/CVE-2018-9866.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@sonicwall.com", - "ID" : "CVE-2018-9866", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Global Management System (GMS)", - "version" : { - "version_data" : [ - { - "version_value" : "8.1 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "SonicWall" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT@sonicwall.com", + "ID": "CVE-2018-9866", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Global Management System (GMS)", + "version": { + "version_data": [ + { + "version_value": "8.1 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "SonicWall" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/rapid7/metasploit-framework/pull/10305", - "refsource" : "MISC", - "url" : "https://github.com/rapid7/metasploit-framework/pull/10305" - }, - { - "name" : "https://twitter.com/ddouhine/status/1019251292202586112", - "refsource" : "MISC", - "url" : "https://twitter.com/ddouhine/status/1019251292202586112" - }, - { - "name" : "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007", - "refsource" : "CONFIRM", - "url" : 
"https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://twitter.com/ddouhine/status/1019251292202586112", + "refsource": "MISC", + "url": "https://twitter.com/ddouhine/status/1019251292202586112" + }, + { + "name": "https://github.com/rapid7/metasploit-framework/pull/10305", + "refsource": "MISC", + "url": "https://github.com/rapid7/metasploit-framework/pull/10305" + }, + { + "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007", + "refsource": "CONFIRM", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9897.json b/2018/9xxx/CVE-2018-9897.json index 0a5255240ca..beab1d51478 100644 --- a/2018/9xxx/CVE-2018-9897.json +++ b/2018/9xxx/CVE-2018-9897.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9897", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9897", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9979.json b/2018/9xxx/CVE-2018-9979.json index 657a626a8a2..410656c75d0 100644 --- a/2018/9xxx/CVE-2018-9979.json +++ b/2018/9xxx/CVE-2018-9979.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-9979", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.0.29935" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Continuation objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5429." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-125-Out-of-bounds Read" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-9979", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.0.29935" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-377", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-377" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Continuation objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5429." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-125-Out-of-bounds Read" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-377", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-377" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file