From 05fba406a67a56c96d77771cdc3717d2c3e7aaa3 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:43:13 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0664.json | 140 +++++++-------- 2002/0xxx/CVE-2002-0719.json | 140 +++++++-------- 2002/0xxx/CVE-2002-0738.json | 160 ++++++++--------- 2002/1xxx/CVE-2002-1125.json | 200 ++++++++++----------- 2002/1xxx/CVE-2002-1248.json | 150 ++++++++-------- 2002/1xxx/CVE-2002-1891.json | 140 +++++++-------- 2002/2xxx/CVE-2002-2281.json | 150 ++++++++-------- 2003/0xxx/CVE-2003-0435.json | 130 +++++++------- 2003/0xxx/CVE-2003-0564.json | 240 ++++++++++++------------- 2003/0xxx/CVE-2003-0729.json | 140 +++++++-------- 2003/0xxx/CVE-2003-0843.json | 120 ++++++------- 2003/0xxx/CVE-2003-0982.json | 160 ++++++++--------- 2003/1xxx/CVE-2003-1105.json | 140 +++++++-------- 2012/0xxx/CVE-2012-0477.json | 260 +++++++++++++-------------- 2012/0xxx/CVE-2012-0579.json | 160 ++++++++--------- 2012/0xxx/CVE-2012-0717.json | 130 +++++++------- 2012/0xxx/CVE-2012-0734.json | 160 ++++++++--------- 2012/1xxx/CVE-2012-1619.json | 34 ++-- 2012/1xxx/CVE-2012-1695.json | 150 ++++++++-------- 2012/3xxx/CVE-2012-3334.json | 150 ++++++++-------- 2012/3xxx/CVE-2012-3641.json | 170 +++++++++--------- 2012/3xxx/CVE-2012-3954.json | 220 +++++++++++------------ 2012/4xxx/CVE-2012-4190.json | 150 ++++++++-------- 2012/4xxx/CVE-2012-4461.json | 220 +++++++++++------------ 2012/4xxx/CVE-2012-4505.json | 240 ++++++++++++------------- 2012/4xxx/CVE-2012-4583.json | 130 +++++++------- 2012/4xxx/CVE-2012-4611.json | 170 +++++++++--------- 2017/2xxx/CVE-2017-2158.json | 130 +++++++------- 2017/2xxx/CVE-2017-2345.json | 318 ++++++++++++++++----------------- 2017/2xxx/CVE-2017-2496.json | 160 ++++++++--------- 2017/2xxx/CVE-2017-2872.json | 122 ++++++------- 2017/3xxx/CVE-2017-3889.json | 130 +++++++------- 2017/6xxx/CVE-2017-6376.json | 34 ++-- 2017/6xxx/CVE-2017-6732.json | 130 +++++++------- 2017/6xxx/CVE-2017-6740.json | 140 +++++++-------- 2017/7xxx/CVE-2017-7343.json | 120 ++++++------- 2017/7xxx/CVE-2017-7779.json | 266 +++++++++++++-------------- 2018/10xxx/CVE-2018-10156.json | 34 ++-- 2018/10xxx/CVE-2018-10427.json | 34 ++-- 2018/10xxx/CVE-2018-10544.json | 120 ++++++------- 2018/10xxx/CVE-2018-10701.json | 34 ++-- 2018/10xxx/CVE-2018-10709.json | 130 +++++++------- 2018/14xxx/CVE-2018-14199.json | 34 ++-- 2018/14xxx/CVE-2018-14435.json | 130 +++++++------- 2018/14xxx/CVE-2018-14872.json | 120 ++++++------- 2018/14xxx/CVE-2018-14915.json | 34 ++-- 2018/14xxx/CVE-2018-14945.json | 130 +++++++------- 2018/17xxx/CVE-2018-17662.json | 130 +++++++------- 2018/20xxx/CVE-2018-20197.json | 120 ++++++------- 2018/20xxx/CVE-2018-20301.json | 120 ++++++------- 2018/20xxx/CVE-2018-20579.json | 120 ++++++------- 2018/20xxx/CVE-2018-20665.json | 34 ++-- 2018/9xxx/CVE-2018-9130.json | 130 +++++++------- 2018/9xxx/CVE-2018-9704.json | 34 ++-- 2018/9xxx/CVE-2018-9903.json | 34 ++-- 55 files changed, 3713 insertions(+), 3713 deletions(-) diff --git a/2002/0xxx/CVE-2002-0664.json b/2002/0xxx/CVE-2002-0664.json index 2c74800aba0..777a1f67bb3 100644 --- a/2002/0xxx/CVE-2002-0664.json +++ b/2002/0xxx/CVE-2002-0664.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103134154721846&w=2" - }, - { - "name" : "zmerge-admindb-script-access(10057)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10057.php" - }, - { - "name" : "5101", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The default Access Control Lists (ACLs) of the administration database for ZMerge 4.x and 5.x provides arbitrary users (including anonymous users) with Manager level access, which allows the users to read or modify import/export scripts." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020906 Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103134154721846&w=2" + }, + { + "name": "5101", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5101" + }, + { + "name": "zmerge-admindb-script-access(10057)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10057.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0719.json b/2002/0xxx/CVE-2002-0719.json index 3589969ba56..85276cbb789 100644 --- a/2002/0xxx/CVE-2002-0719.json +++ b/2002/0xxx/CVE-2002-0719.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0719", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0719", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-041", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041" - }, - { - "name" : "5422", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5422" - }, - { - "name" : "mcms-resource-sql-injection(9785)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9785.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5422", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5422" + }, + { + "name": "MS02-041", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041" + }, + { + "name": "mcms-resource-sql-injection(9785)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9785.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0738.json b/2002/0xxx/CVE-2002-0738.json index 6408be38df4..fe8b7dabb52 100644 --- a/2002/0xxx/CVE-2002-0738.json +++ b/2002/0xxx/CVE-2002-0738.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0738", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"&={script}\" syntax." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0738", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html" - }, - { - "name" : "http://www.mhonarc.org/MHonArc/CHANGES", - "refsource" : "CONFIRM", - "url" : "http://www.mhonarc.org/MHonArc/CHANGES" - }, - { - "name" : "DSA-163", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-163" - }, - { - "name" : "mhonarc-script-filtering-bypass(8894)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8894.php" - }, - { - "name" : "4546", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4546" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"&={script}\" syntax." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-163", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-163" + }, + { + "name": "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html" + }, + { + "name": "http://www.mhonarc.org/MHonArc/CHANGES", + "refsource": "CONFIRM", + "url": "http://www.mhonarc.org/MHonArc/CHANGES" + }, + { + "name": "4546", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4546" + }, + { + "name": "mhonarc-script-filtering-bypass(8894)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8894.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1125.json b/2002/1xxx/CVE-2002-1125.json index b040856e142..fd2e1865513 100644 --- a/2002/1xxx/CVE-2002-1125.json +++ b/2002/1xxx/CVE-2002-1125.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html" - }, - { - "name" : "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103228135413310&w=2" - }, - { - "name" : "FreeBSD-SA-02:39", - "refsource" : "FREEBSD", - "url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc" - }, - { - "name" : "bsd-libkvm-descriptor-leak(10109)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10109.php" - }, - { - "name" : "5714", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5714" - }, - { - "name" : "5716", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5716" - }, - { - "name" : "5718", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5718" - }, - { - "name" : "5719", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5719" - }, - { - "name" : "5720", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5720" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and (5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem, which allows local users to read kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103228135413310&w=2" + }, + { + "name": "5719", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5719" + }, + { + "name": "5718", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5718" + }, + { + "name": "FreeBSD-SA-02:39", + "refsource": "FREEBSD", + "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc" + }, + { + "name": "5714", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5714" + }, + { + "name": "bsd-libkvm-descriptor-leak(10109)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10109.php" + }, + { + "name": "5720", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5720" + }, + { + "name": "20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html" + }, + { + "name": "5716", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5716" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1248.json b/2002/1xxx/CVE-2002-1248.json index cfc4be0eb3d..beae3f8c9c2 100644 --- a/2002/1xxx/CVE-2002-1248.json +++ b/2002/1xxx/CVE-2002-1248.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a \"%\" URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103642597302308&w=2" - }, - { - "name" : "http://www.idefense.com/advisory/11.04.02b.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/11.04.02b.txt" - }, - { - "name" : "xeneo-php-dos(10534)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10534.php" - }, - { - "name" : "6098", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a \"%\" URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.idefense.com/advisory/11.04.02b.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/11.04.02b.txt" + }, + { + "name": "6098", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6098" + }, + { + "name": "xeneo-php-dos(10534)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10534.php" + }, + { + "name": "20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103642597302308&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1891.json b/2002/1xxx/CVE-2002-1891.json index a34d57f46f0..6d208cd478f 100644 --- a/2002/1xxx/CVE-2002-1891.json +++ b/2002/1xxx/CVE-2002-1891.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020612 Remote Hole in IRC Client and Stuff", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/276537" - }, - { - "name" : "4998", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4998" - }, - { - "name" : "ircit-invite-bo(9340)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9340.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ircit-invite-bo(9340)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9340.php" + }, + { + "name": "20020612 Remote Hole in IRC Client and Stuff", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/276537" + }, + { + "name": "4998", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4998" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2281.json b/2002/2xxx/CVE-2002-2281.json index 9499169a41e..8f62e13aaa2 100644 --- a/2002/2xxx/CVE-2002-2281.json +++ b/2002/2xxx/CVE-2002-2281.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2281", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2281", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021121 [LSD] Java and JVM security vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103798147613151&w=2" - }, - { - "name" : "http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf", - "refsource" : "MISC", - "url" : "http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf" - }, - { - "name" : "6222", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6222" - }, - { - "name" : "symantec-jit-bypass-security(10711)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6222", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6222" + }, + { + "name": "http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf", + "refsource": "MISC", + "url": "http://www.lsd-pl.net/documents/javasecurity-1.0.0.pdf" + }, + { + "name": "symantec-jit-bypass-security(10711)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10711" + }, + { + "name": "20021121 [LSD] Java and JVM security vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103798147613151&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0435.json b/2003/0xxx/CVE-2003-0435.json index 862bbf5b6a8..dbed2a540a2 100644 --- a/2003/0xxx/CVE-2003-0435.json +++ b/2003/0xxx/CVE-2003-0435.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030612 BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105553002105111&w=2" - }, - { - "name" : "DSA-322", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-322" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-322", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-322" + }, + { + "name": "20030612 BAZARR THUG LIFE , DONT READ OR VIRUS INFECT YOU", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105553002105111&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0564.json b/2003/0xxx/CVE-2003-0564.json index 7407ada986d..dfb9b67fde8 100644 --- a/2003/0xxx/CVE-2003-0564.json +++ b/2003/0xxx/CVE-2003-0564.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0564", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0564", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm" - }, - { - "name" : "VU#428230", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/428230" - }, - { - "name" : "FLSA:2089", - "refsource" : "FEDORA", - "url" : "http://marc.info/?l=bugtraq&m=109900315219363&w=2" - }, - { - "name" : "SSRT4722", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=108448379429944&w=2" - }, - { - "name" : "MDKSA-2004:021", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021" - }, - { - "name" : "RHSA-2004:110", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-110.html" - }, - { - "name" : "RHSA-2004:112", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-112.html" - }, - { - "name" : "20040402-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040402-01-U.asc" - }, - { - "name" : "8981", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8981" - }, - { - "name" : "oval:org.mitre.oval:def:872", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A872" - }, - { - "name" : "oval:org.mitre.oval:def:914", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A914" - }, - { - "name" : "oval:org.mitre.oval:def:11462", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11462" - }, - { - "name" : "smime-asn1-bo(13603)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions (S/MIME) protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as demonstrated using the NISSC test suite." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:110", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-110.html" + }, + { + "name": "FLSA:2089", + "refsource": "FEDORA", + "url": "http://marc.info/?l=bugtraq&m=109900315219363&w=2" + }, + { + "name": "oval:org.mitre.oval:def:11462", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11462" + }, + { + "name": "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2003/006489/smime.htm" + }, + { + "name": "8981", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8981" + }, + { + "name": "RHSA-2004:112", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-112.html" + }, + { + "name": "smime-asn1-bo(13603)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13603" + }, + { + "name": "oval:org.mitre.oval:def:872", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A872" + }, + { + "name": "SSRT4722", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=108448379429944&w=2" + }, + { + "name": "MDKSA-2004:021", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:021" + }, + { + "name": "20040402-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040402-01-U.asc" + }, + { + "name": "VU#428230", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/428230" + }, + { + "name": "oval:org.mitre.oval:def:914", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A914" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0729.json b/2003/0xxx/CVE-2003-0729.json index a12eec6c870..961b17543a7 100644 --- a/2003/0xxx/CVE-2003-0729.json +++ b/2003/0xxx/CVE-2003-0729.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0729", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0729", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html" - }, - { - "name" : "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0091.html" - }, - { - "name" : "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106252411425545&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0091.html" + }, + { + "name": "20030901 Security Vulnerability in Tellurian TftpdNT (Long Filename)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106252411425545&w=2" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5RP0M1PAUM.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0843.json b/2003/0xxx/CVE-2003-0843.json index 31799b319c6..95ae16c5e38 100644 --- a/2003/0xxx/CVE-2003-0843.json +++ b/2003/0xxx/CVE-2003-0843.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0843", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an \"Accept-Encoding: gzip\" header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0843", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030601 Mod_gzip Debug Mode Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105457180009860&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode and using the Apache log, allows remote attackers to execute arbitrary code via format string characters in an HTTP GET request with an \"Accept-Encoding: gzip\" header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030601 Mod_gzip Debug Mode Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105457180009860&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0982.json b/2003/0xxx/CVE-2003-0982.json index 1ec43eefc60..32f6f73049a 100644 --- a/2003/0xxx/CVE-2003-0982.json +++ b/2003/0xxx/CVE-2003-0982.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0982", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0982", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031210 Vulnerability in Authentication Library for ACNS", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml" - }, - { - "name" : "VU#352462", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/352462" - }, - { - "name" : "9187", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9187" - }, - { - "name" : "10409", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10409" - }, - { - "name" : "cisco-acns-password-bo(13945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13945" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031210 Vulnerability in Authentication Library for ACNS", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031210-ACNS-auth.shtml" + }, + { + "name": "VU#352462", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/352462" + }, + { + "name": "cisco-acns-password-bo(13945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13945" + }, + { + "name": "10409", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10409" + }, + { + "name": "9187", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9187" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1105.json b/2003/1xxx/CVE-2003-1105.json index 6cc2d865194..0326a1a2262 100644 --- a/2003/1xxx/CVE-2003-1105.json +++ b/2003/1xxx/CVE-2003-1105.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-032", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" - }, - { - "name" : "VU#813208", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/813208" - }, - { - "name" : "ie-input-type-dos(13029)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ie-input-type-dos(13029)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13029" + }, + { + "name": "MS03-032", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032" + }, + { + "name": "VU#813208", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/813208" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0477.json b/2012/0xxx/CVE-2012-0477.json index 68dd13b274f..ce3d008aabf 100644 --- a/2012/0xxx/CVE-2012-0477.json +++ b/2012/0xxx/CVE-2012-0477.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-29.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-29.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718573", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718573" - }, - { - "name" : "DSA-2457", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2457" - }, - { - "name" : "DSA-2458", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2458" - }, - { - "name" : "DSA-2464", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2464" - }, - { - "name" : "MDVSA-2012:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" - }, - { - "name" : "MDVSA-2012:081", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" - }, - { - "name" : "53229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53229" - }, - { - "name" : "oval:org.mitre.oval:def:16889", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889" - }, - { - "name" : "48972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48972" - }, - { - "name" : "49047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49047" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - }, - { - "name" : "48920", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48920" - }, - { - "name" : "48922", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48922" - }, - { - "name" : "firefox-iso2022kr-xss(75154)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75154" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48922", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48922" + }, + { + "name": "oval:org.mitre.oval:def:16889", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16889" + }, + { + "name": "firefox-iso2022kr-xss(75154)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75154" + }, + { + "name": "53229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53229" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=718573", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=718573" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-29.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-29.html" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "DSA-2458", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2458" + }, + { + "name": "48920", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48920" + }, + { + "name": "DSA-2457", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2457" + }, + { + "name": "DSA-2464", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2464" + }, + { + "name": "MDVSA-2012:081", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" + }, + { + "name": "48972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48972" + }, + { + "name": "MDVSA-2012:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" + }, + { + "name": "49047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49047" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0579.json b/2012/0xxx/CVE-2012-0579.json index b2d49337a3e..398ed614a12 100644 --- a/2012/0xxx/CVE-2012-0579.json +++ b/2012/0xxx/CVE-2012-0579.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53109", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53109" - }, - { - "name" : "1026953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026953" - }, - { - "name" : "48831", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53109", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53109" + }, + { + "name": "1026953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026953" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48831", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48831" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0717.json b/2012/0xxx/CVE-2012-0717.json index 61fa4c42fc2..8596387ab29 100644 --- a/2012/0xxx/CVE-2012-0717.json +++ b/2012/0xxx/CVE-2012-0717.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21595172", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21595172" - }, - { - "name" : "PM52351", - "refsource" : "AIXAPAR", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg1PM52351" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21595172", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21595172" + }, + { + "name": "PM52351", + "refsource": "AIXAPAR", + "url": "http://www.ibm.com/support/docview.wss?uid=swg1PM52351" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0734.json b/2012/0xxx/CVE-2012-0734.json index 0079bb11425..90ce403bfef 100644 --- a/2012/0xxx/CVE-2012-0734.json +++ b/2012/0xxx/CVE-2012-0734.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0734", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0734", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188" - }, - { - "name" : "53247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53247" - }, - { - "name" : "48967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48967" - }, - { - "name" : "48968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48968" - }, - { - "name" : "ae-importjob-info-disclosure(74557)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48967" + }, + { + "name": "ae-importjob-info-disclosure(74557)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74557" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188" + }, + { + "name": "48968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48968" + }, + { + "name": "53247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53247" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1619.json b/2012/1xxx/CVE-2012-1619.json index 034b037e8d1..a7ee2fae0fc 100644 --- a/2012/1xxx/CVE-2012-1619.json +++ b/2012/1xxx/CVE-2012-1619.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1619", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-1619", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1695.json b/2012/1xxx/CVE-2012-1695.json index 10b05b737ab..bf040923228 100644 --- a/2012/1xxx/CVE-2012-1695.json +++ b/2012/1xxx/CVE-2012-1695.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1695", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1695", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026948", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026948" - }, - { - "name" : "48864", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48864" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48864", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48864" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026948", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026948" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3334.json b/2012/3xxx/CVE-2012-3334.json index 266fe918f5b..4f673037f66 100644 --- a/2012/3xxx/CVE-2012-3334.json +++ b/2012/3xxx/CVE-2012-3334.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3334", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3334", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21611800", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21611800" - }, - { - "name" : "55668", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55668" - }, - { - "name" : "85736", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85736" - }, - { - "name" : "ids-setcollation-bo(78277)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78277" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ids-setcollation-bo(78277)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78277" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21611800", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21611800" + }, + { + "name": "85736", + "refsource": "OSVDB", + "url": "http://osvdb.org/85736" + }, + { + "name": "55668", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55668" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3641.json b/2012/3xxx/CVE-2012-3641.json index bfa288d4e39..f6f8702274e 100644 --- a/2012/3xxx/CVE-2012-3641.json +++ b/2012/3xxx/CVE-2012-3641.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3641", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3641", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3954.json b/2012/3xxx/CVE-2012-3954.json index 1d7bfd3f55e..e702a0f54a4 100644 --- a/2012/3xxx/CVE-2012-3954.json +++ b/2012/3xxx/CVE-2012-3954.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3954", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3954", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.isc.org/article/AA-00737", - "refsource" : "CONFIRM", - "url" : "https://kb.isc.org/article/AA-00737" - }, - { - "name" : "DSA-2516", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2516" - }, - { - "name" : "DSA-2519", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2519" - }, - { - "name" : "GLSA-201301-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201301-06.xml" - }, - { - "name" : "MDVSA-2012:115", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" - }, - { - "name" : "MDVSA-2012:116", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" - }, - { - "name" : "RHSA-2012:1141", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1141.html" - }, - { - "name" : "openSUSE-SU-2012:1006", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" - }, - { - "name" : "USN-1519-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1519-1" - }, - { - "name" : "54665", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54665" - }, - { - "name" : "1027300", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and 4.1-ESV before 4.1-ESV-R6 allow remote attackers to cause a denial of service (memory consumption) by sending many requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1027300", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027300" + }, + { + "name": "DSA-2516", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2516" + }, + { + "name": "RHSA-2012:1141", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1141.html" + }, + { + "name": "MDVSA-2012:116", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:116" + }, + { + "name": "openSUSE-SU-2012:1006", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00030.html" + }, + { + "name": "MDVSA-2012:115", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:115" + }, + { + "name": "DSA-2519", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2519" + }, + { + "name": "USN-1519-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1519-1" + }, + { + "name": "https://kb.isc.org/article/AA-00737", + "refsource": "CONFIRM", + "url": "https://kb.isc.org/article/AA-00737" + }, + { + "name": "GLSA-201301-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201301-06.xml" + }, + { + "name": "54665", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54665" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4190.json b/2012/4xxx/CVE-2012-4190.json index e91a72eac43..d28b109104c 100644 --- a/2012/4xxx/CVE-2012-4190.json +++ b/2012/4xxx/CVE-2012-4190.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790139", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790139" - }, - { - "name" : "1027653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027653" - }, - { - "name" : "firefox-freetype-code-execution(79208)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79208" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FT2FontEntry::CreateFontEntry function in FreeType, as used in the Android build of Mozilla Firefox before 16.0.1 on CyanogenMod 10, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "firefox-freetype-code-execution(79208)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79208" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=790139", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=790139" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-88.html" + }, + { + "name": "1027653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027653" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4461.json b/2012/4xxx/CVE-2012-4461.json index 28521970e14..c34736b2131 100644 --- a/2012/4xxx/CVE-2012-4461.json +++ b/2012/4xxx/CVE-2012-4461.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121106 CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/06/14" - }, - { - "name" : "http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742", - "refsource" : "MISC", - "url" : "http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=862900", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=862900" - }, - { - "name" : "RHSA-2013:0223", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0223.html" - }, - { - "name" : "RHSA-2013:0882", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0882.html" - }, - { - "name" : "SUSE-SU-2012:1679", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "56414", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56414" - }, - { - "name" : "51160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SREGS ioctl to set the X86_CR4_OSXSAVE bit in the guest cr4 register, then calling the KVM_RUN ioctl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0223", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0223.html" + }, + { + "name": "56414", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56414" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=862900", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=862900" + }, + { + "name": "RHSA-2013:0882", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0882.html" + }, + { + "name": "51160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51160" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=6d1068b3a98519247d8ba4ec85cd40ac136dbdf9" + }, + { + "name": "http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742", + "refsource": "MISC", + "url": "http://article.gmane.org/gmane.comp.emulators.kvm.devel/100742" + }, + { + "name": "SUSE-SU-2012:1679", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" + }, + { + "name": "[oss-security] 20121106 CVE-2012-4461 -- kernel: kvm: invalid opcode oops on SET_SREGS with OSXSAVE bit set", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/06/14" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.9" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4505.json b/2012/4xxx/CVE-2012-4505.json index 86ed2043ac8..4af4022c439 100644 --- a/2012/4xxx/CVE-2012-4505.json +++ b/2012/4xxx/CVE-2012-4505.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121012 Re: libproxy PAC downloading buffer overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/12/5" - }, - { - "name" : "[oss-security] 20121012 libproxy PAC downloading buffer overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/12/1" - }, - { - "name" : "[oss-security] 20121016 Re: libproxy PAC downloading buffer overflows", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/16/3" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=864612", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=864612" - }, - { - "name" : "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E", - "refsource" : "CONFIRM", - "url" : "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E" - }, - { - "name" : "DSA-2571", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2571" - }, - { - "name" : "RHSA-2012:1461", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1461.html" - }, - { - "name" : "openSUSE-SU-2012:1375", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html" - }, - { - "name" : "USN-1629-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1629-1" - }, - { - "name" : "55910", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55910" - }, - { - "name" : "51048", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51048" - }, - { - "name" : "51180", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51180" - }, - { - "name" : "51308", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the px_pac_reload function in lib/pac.c in libproxy 0.2.x and 0.3.x allows remote servers to have an unspecified impact via a crafted Content-Length size in an HTTP response header for a proxy.pac file request, a different vulnerability than CVE-2012-4504." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2012:1375", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00065.html" + }, + { + "name": "51048", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51048" + }, + { + "name": "RHSA-2012:1461", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1461.html" + }, + { + "name": "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E", + "refsource": "CONFIRM", + "url": "https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E" + }, + { + "name": "USN-1629-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1629-1" + }, + { + "name": "[oss-security] 20121012 libproxy PAC downloading buffer overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/12/1" + }, + { + "name": "[oss-security] 20121012 Re: libproxy PAC downloading buffer overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/12/5" + }, + { + "name": "DSA-2571", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2571" + }, + { + "name": "51180", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51180" + }, + { + "name": "51308", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51308" + }, + { + "name": "55910", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55910" + }, + { + "name": "[oss-security] 20121016 Re: libproxy PAC downloading buffer overflows", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/16/3" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=864612", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=864612" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4583.json b/2012/4xxx/CVE-2012-4583.json index 22db3ef56b0..2cbeb420506 100644 --- a/2012/4xxx/CVE-2012-4583.json +++ b/2012/4xxx/CVE-2012-4583.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120329 NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0161.html" - }, - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to obtain the session tokens of arbitrary users by navigating within the Dashboard." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120329 NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active sesssion tokens of other users are disclosed within the UI", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0161.html" + }, + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4611.json b/2012/4xxx/CVE-2012-4611.json index 15e5b5d65c0..872e3077191 100644 --- a/2012/4xxx/CVE-2012-4611.json +++ b/2012/4xxx/CVE-2012-4611.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-4611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121126 ESA-2012-054: RSA Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0096.html" - }, - { - "name" : "http://packetstormsecurity.com/files/118381/RSA-Adaptive-Authentication-On-Premise-6.x-XSS.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/118381/RSA-Adaptive-Authentication-On-Premise-6.x-XSS.html" - }, - { - "name" : "56699", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56699" - }, - { - "name" : "87876", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87876" - }, - { - "name" : "1027811", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027811" - }, - { - "name" : "51394", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51394" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Adaptive Authentication On-Premise (AAOP) before 7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56699", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56699" + }, + { + "name": "20121126 ESA-2012-054: RSA Adaptive Authentication (On-Premise) Cross-Site Scripting Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0096.html" + }, + { + "name": "87876", + "refsource": "OSVDB", + "url": "http://osvdb.org/87876" + }, + { + "name": "1027811", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027811" + }, + { + "name": "51394", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51394" + }, + { + "name": "http://packetstormsecurity.com/files/118381/RSA-Adaptive-Authentication-On-Premise-6.x-XSS.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/118381/RSA-Adaptive-Authentication-On-Premise-6.x-XSS.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2158.json b/2017/2xxx/CVE-2017-2158.json index c3e179675c5..fb01b70805f 100644 --- a/2017/2xxx/CVE-2017-2158.json +++ b/2017/2xxx/CVE-2017-2158.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2158", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Lhaplus", - "version" : { - "version_data" : [ - { - "version_value" : "Version 1.73 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Schezo" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Insufficient Verification of Data Authenticity" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2158", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Lhaplus", + "version": { + "version_data": [ + { + "version_value": "Version 1.73 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Schezo" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www7a.biglobe.ne.jp/~schezo/JVN57842148.html", - "refsource" : "CONFIRM", - "url" : "http://www7a.biglobe.ne.jp/~schezo/JVN57842148.html" - }, - { - "name" : "JVN#57842148", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN57842148/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Insufficient Verification of Data Authenticity" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#57842148", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN57842148/index.html" + }, + { + "name": "http://www7a.biglobe.ne.jp/~schezo/JVN57842148.html", + "refsource": "CONFIRM", + "url": "http://www7a.biglobe.ne.jp/~schezo/JVN57842148.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2345.json b/2017/2xxx/CVE-2017-2345.json index 974028e4890..5a653d1ecda 100644 --- a/2017/2xxx/CVE-2017-2345.json +++ b/2017/2xxx/CVE-2017-2345.json @@ -1,161 +1,161 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "DATE_PUBLIC" : "2017-07-12T09:00", - "ID" : "CVE-2017-2345", - "STATE" : "PUBLIC", - "TITLE" : "Junos: snmpd denial of service upon receipt of crafted SNMP packet" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS", - "version" : { - "version_data" : [ - { - "platform" : "all products and platforms", - "version_value" : "Junos releases prior to 10.2 are not affected" - }, - { - "platform" : "", - "version_value" : "12.1X46 prior to 12.1X46-D67" - }, - { - "platform" : "", - "version_value" : "12.3X48 prior to 12.3X48-D51, 12.3X48-D55" - }, - { - "platform" : "", - "version_value" : "13.3 prior to 13.3R10-S2" - }, - { - "platform" : "", - "version_value" : "14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9" - }, - { - "platform" : "", - "version_value" : "14.1X50 prior to 14.1X50-D185" - }, - { - "platform" : "", - "version_value" : "14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50" - }, - { - "platform" : "", - "version_value" : "14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8" - }, - { - "platform" : "", - "version_value" : "15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7" - }, - { - "platform" : "", - "version_value" : "15.1X49 prior to 15.1X49-D100" - }, - { - "platform" : "", - "version_value" : "15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70" - }, - { - "platform" : "", - "version_value" : "16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5" - }, - { - "platform" : "", - "version_value" : "16.2 prior to 16.2R2" - }, - { - "platform" : "", - "version_value" : "17.1 prior to 17.1R1-S3, 17.1R2" - }, - { - "platform" : "", - "version_value" : "17.2 prior to 17.2R1-S1, 17.2R2" - }, - { - "platform" : "", - "version_value" : "17.2X75 prior to 17.2X75-D30" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "configuration" : [], - "credit" : [], - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected." - } - ] - }, - "exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", - "impact" : { - "cvss" : { - "attackComplexity" : "LOW", - "attackVector" : "NETWORK", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of service" - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "DATE_PUBLIC": "2017-07-12T09:00", + "ID": "CVE-2017-2345", + "STATE": "PUBLIC", + "TITLE": "Junos: snmpd denial of service upon receipt of crafted SNMP packet" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS", + "version": { + "version_data": [ + { + "platform": "all products and platforms", + "version_value": "Junos releases prior to 10.2 are not affected" + }, + { + "platform": "", + "version_value": "12.1X46 prior to 12.1X46-D67" + }, + { + "platform": "", + "version_value": "12.3X48 prior to 12.3X48-D51, 12.3X48-D55" + }, + { + "platform": "", + "version_value": "13.3 prior to 13.3R10-S2" + }, + { + "platform": "", + "version_value": "14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9" + }, + { + "platform": "", + "version_value": "14.1X50 prior to 14.1X50-D185" + }, + { + "platform": "", + "version_value": "14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50" + }, + { + "platform": "", + "version_value": "14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8" + }, + { + "platform": "", + "version_value": "15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7" + }, + { + "platform": "", + "version_value": "15.1X49 prior to 15.1X49-D100" + }, + { + "platform": "", + "version_value": "15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70" + }, + { + "platform": "", + "version_value": "16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5" + }, + { + "platform": "", + "version_value": "16.2 prior to 16.2R2" + }, + { + "platform": "", + "version_value": "17.1 prior to 17.1R1-S3, 17.1R2" + }, + { + "platform": "", + "version_value": "17.2 prior to 17.2R1-S1, 17.2R2" + }, + { + "platform": "", + "version_value": "17.2X75 prior to 17.2X75-D30" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10793", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10793" - }, - { - "name" : "99567", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99567" - }, - { - "name" : "1038903", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038903" - } - ] - }, - "solution" : "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D67, 12.3X48-D51, 12.3X48-D55, 13.3R10-S2, 14.1R2-S10, 14.1R8-S4, 14.1R9, 14.1X53-D122, 14.1X53-D44, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7, 15.1X49-D100, 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70, 16.1R3-S4, 16.1R4-S3, 16.1R5, 16.2R2, 17.1R1-S3, 17.1R2, 17.2R1-S1, 17.2R2, 17.3R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1282772 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", - "work_around" : [ - { - "lang" : "eng", - "value" : "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), SNMP access lists, and/or SNMPv3 authentication to limit access to the device only from trusted hosts." - } - ] -} + } + }, + "configuration": [], + "credit": [], + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Junos OS devices with SNMP enabled, a network based attacker with unfiltered access to the RE can cause the Junos OS snmpd daemon to crash and restart by sending a crafted SNMP packet. Repeated crashes of the snmpd daemon can result in a partial denial of service condition. Additionally, it may be possible to craft a malicious SNMP packet in a way that can result in remote code execution. SNMP is disabled in Junos OS by default. Junos OS devices with SNMP disabled are not affected by this issue. No other Juniper Networks products or platforms are affected by this issue. NOTE: This is a different issue than Cisco CVE-2017-6736, CVE-2017-6737, and CVE-2017-6738. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D67; 12.3X48 prior to 12.3X48-D51, 12.3X48-D55; 13.3 prior to 13.3R10-S2; 14.1 prior to 14.1R2-S10, 14.1R8-S4, 14.1R9; 14.1X50 prior to 14.1X50-D185; 14.1X53 prior to 14.1X53-D122, 14.1X53-D44, 14.1X53-D50; 14.2 prior to 14.2R4-S9, 14.2R7-S7, 14.2R8; 15.1 prior to 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7; 15.1X49 prior to 15.1X49-D100, 15.1X49-D110; 15.1X53 prior to 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70; 16.1 prior to 16.1R3-S4, 16.1R4-S3, 16.1R4-S4, 16.1R5; 16.2 prior to 16.2R2, 16.2R3; 17.1 prior to 17.1R1-S3, 17.1R2, 17.1R3; 17.2 prior to 17.2R1-S1, 17.2R2; 17.2X75 prior to 17.2X75-D30. Junos releases prior to 10.2 are not affected." + } + ] + }, + "exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", + "impact": { + "cvss": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038903", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038903" + }, + { + "name": "https://kb.juniper.net/JSA10793", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10793" + }, + { + "name": "99567", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99567" + } + ] + }, + "solution": "The following software releases have been updated to resolve this specific issue: Junos OS 12.1X46-D67, 12.3X48-D51, 12.3X48-D55, 13.3R10-S2, 14.1R2-S10, 14.1R8-S4, 14.1R9, 14.1X53-D122, 14.1X53-D44, 14.1X53-D50, 14.2R7-S7, 14.2R8, 15.1F2-S18, 15.1F6-S7, 15.1R4-S8, 15.1R5-S5, 15.1R6-S1, 15.1R7, 15.1X49-D100, 15.1X53-D231, 15.1X53-D47, 15.1X53-D48, 15.1X53-D57, 15.1X53-D64, 15.1X53-D70, 16.1R3-S4, 16.1R4-S3, 16.1R5, 16.2R2, 17.1R1-S3, 17.1R2, 17.2R1-S1, 17.2R2, 17.3R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1282772 and is visible on the Customer Support website.\n\nKB16765 - \"In which releases are vulnerabilities fixed?\" describes which release vulnerabilities are fixed as per our End of Engineering and End of Life support policies.", + "work_around": [ + { + "lang": "eng", + "value": "Disable SNMP (disabled by default), utilize edge filtering with source-address validation (uRPF, etc.), SNMP access lists, and/or SNMPv3 authentication to limit access to the device only from trusted hosts." + } + ] +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2496.json b/2017/2xxx/CVE-2017-2496.json index 2bf723fa14f..0e7baa4d0e2 100644 --- a/2017/2xxx/CVE-2017-2496.json +++ b/2017/2xxx/CVE-2017-2496.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207798", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207798" - }, - { - "name" : "https://support.apple.com/HT207804", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207804" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "98474", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98474" - }, - { - "name" : "1038487", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038487" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038487", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038487" + }, + { + "name": "98474", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98474" + }, + { + "name": "https://support.apple.com/HT207804", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207804" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207798", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207798" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2872.json b/2017/2xxx/CVE-2017-2872.json index e2d7c67c460..5e3af26cdda 100644 --- a/2017/2xxx/CVE-2017-2872.json +++ b/2017/2xxx/CVE-2017-2872.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-11-13T00:00:00", - "ID" : "CVE-2017-2872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foscam Indoor IP Camera C1 Series", - "version" : { - "version_data" : [ - { - "version_value" : "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Authentication" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-11-13T00:00:00", + "ID": "CVE-2017-2872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foscam Indoor IP Camera C1 Series", + "version": { + "version_data": [ + { + "version_value": "System Firmware Version: 1.9.3.18,Application Firmware Version: 2.52.2.43,Plug-In Version: 3.3.0.26" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Authentication" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0379" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3889.json b/2017/3xxx/CVE-2017-3889.json index 1ed7e2f4a03..44521092f68 100644 --- a/2017/3xxx/CVE-2017-3889.json +++ b/2017/3xxx/CVE-2017-3889.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3889", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Registered Envelope Service", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Registered Envelope Service" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Open Redirect Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3889", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Registered Envelope Service", + "version": { + "version_data": [ + { + "version_value": "Cisco Registered Envelope Service" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res" - }, - { - "name" : "97433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web interface of the Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to redirect a user to a undesired web page, aka an Open Redirect. This vulnerability affects the Cisco Registered Envelope cloud-based service. More Information: CSCvc60123. Known Affected Releases: 5.1.0-015." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Open Redirect Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-res" + }, + { + "name": "97433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97433" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6376.json b/2017/6xxx/CVE-2017-6376.json index 2db225247c2..9ef2cf60374 100644 --- a/2017/6xxx/CVE-2017-6376.json +++ b/2017/6xxx/CVE-2017-6376.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6376", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6376", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6732.json b/2017/6xxx/CVE-2017-6732.json index 2a22438cd37..ea6f5fd3cb7 100644 --- a/2017/6xxx/CVE-2017-6732.json +++ b/2017/6xxx/CVE-2017-6732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Network", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Network" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Network", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Network" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-prime", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-prime" - }, - { - "name" : "99457", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99457" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the installation procedure for Cisco Prime Network Software could allow an authenticated, local attacker to elevate their privileges to root privileges. More Information: CSCvd47343. Known Affected Releases: 4.2(2.1)PP1 4.2(3.0)PP6 4.3(0.0)PP4 4.3(1.0)PP2. Known Fixed Releases: 4.3(2)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99457", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99457" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-prime", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-prime" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6740.json b/2017/6xxx/CVE-2017-6740.json index f6eaf1608f7..dcfdcc0ff41 100644 --- a/2017/6xxx/CVE-2017-6740.json +++ b/2017/6xxx/CVE-2017-6740.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6740", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6740", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp" - }, - { - "name" : "99345", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99345" - }, - { - "name" : "1038808", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038808" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 and IOS XE 2.2 through 3.17 contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. The vulnerabilities are due to a buffer overflow condition in the SNMP subsystem of the affected software. The vulnerabilities affect all versions of SNMP: Versions 1, 2c, and 3. To exploit these vulnerabilities via SNMP Version 2c or earlier, the attacker must know the SNMP read-only community string for the affected system. To exploit these vulnerabilities via SNMP Version 3, the attacker must have user credentials for the affected system. All devices that have enabled SNMP and have not explicitly excluded the affected MIBs or OIDs should be considered vulnerable. Cisco Bug IDs: CSCve66601." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99345", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99345" + }, + { + "name": "1038808", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038808" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7343.json b/2017/7xxx/CVE-2017-7343.json index 45941f6c8aa..7a23cbb4325 100644 --- a/2017/7xxx/CVE-2017-7343.json +++ b/2017/7xxx/CVE-2017-7343.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "ID" : "CVE-2017-7343", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Fortinet FortiPortal", - "version" : { - "version_data" : [ - { - "version_value" : "FortiPortal 4.0.0 and below" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Execution of unauthorized code or commands" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "ID": "CVE-2017-7343", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Fortinet FortiPortal", + "version": { + "version_data": [ + { + "version_value": "FortiPortal 4.0.0 and below" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/psirt/FG-IR-17-114", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/psirt/FG-IR-17-114" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Execution of unauthorized code or commands" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://fortiguard.com/psirt/FG-IR-17-114", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/psirt/FG-IR-17-114" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7779.json b/2017/7xxx/CVE-2017-7779.json index 86803e90680..6820f301a4c 100644 --- a/2017/7xxx/CVE-2017-7779.json +++ b/2017/7xxx/CVE-2017-7779.json @@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7779", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "55" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3, and Thunderbird 52.3" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7779", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "55" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-19/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-20/" - }, - { - "name" : "DSA-3928", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3928" - }, - { - "name" : "DSA-3968", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3968" - }, - { - "name" : "GLSA-201803-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201803-14" - }, - { - "name" : "RHSA-2017:2456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2456" - }, - { - "name" : "RHSA-2017:2534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2534" - }, - { - "name" : "100201", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100201" - }, - { - "name" : "1039124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory safety bugs fixed in Firefox 55, Firefox ESR 52.3, and Thunderbird 52.3" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-19/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-20/" + }, + { + "name": "DSA-3968", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3968" + }, + { + "name": "100201", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100201" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-18/" + }, + { + "name": "RHSA-2017:2456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2456" + }, + { + "name": "RHSA-2017:2534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2534" + }, + { + "name": "1039124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039124" + }, + { + "name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1354443%2C1368576%2C1366903%2C1369913%2C1371424%2C1346590%2C1371890%2C1372985%2C1362924%2C1368105%2C1369994%2C1371283%2C1368362%2C1378826%2C1380426%2C1368030%2C1373220%2C1321384%2C1383002" + }, + { + "name": "GLSA-201803-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201803-14" + }, + { + "name": "DSA-3928", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3928" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10156.json b/2018/10xxx/CVE-2018-10156.json index ddbdb0a4a2c..02fc904ee84 100644 --- a/2018/10xxx/CVE-2018-10156.json +++ b/2018/10xxx/CVE-2018-10156.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10156", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-10156", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10427.json b/2018/10xxx/CVE-2018-10427.json index 344b46f00e8..88a65ba0044 100644 --- a/2018/10xxx/CVE-2018-10427.json +++ b/2018/10xxx/CVE-2018-10427.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10427", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10427", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10544.json b/2018/10xxx/CVE-2018-10544.json index 878dd1fc8ed..b8d4b1f67f9 100644 --- a/2018/10xxx/CVE-2018-10544.json +++ b/2018/10xxx/CVE-2018-10544.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://garrettmiller.github.io/meross-mss110-vuln/", - "refsource" : "MISC", - "url" : "https://garrettmiller.github.io/meross-mss110-vuln/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Meross MSS110 devices through 1.1.24 contain an unauthenticated admin.htm administrative interface." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://garrettmiller.github.io/meross-mss110-vuln/", + "refsource": "MISC", + "url": "https://garrettmiller.github.io/meross-mss110-vuln/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10701.json b/2018/10xxx/CVE-2018-10701.json index 05ddeed901e..7c491c77d2d 100644 --- a/2018/10xxx/CVE-2018-10701.json +++ b/2018/10xxx/CVE-2018-10701.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10701", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10701", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10709.json b/2018/10xxx/CVE-2018-10709.json index 5279c5aa5e2..91017a654af 100644 --- a/2018/10xxx/CVE-2018-10709.json +++ b/2018/10xxx/CVE-2018-10709.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45716", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45716/" - }, - { - "name" : "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities", - "refsource" : "MISC", - "url" : "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The AsrDrv101.sys and AsrDrv102.sys low-level drivers in ASRock RGBLED before v1.0.35.1, A-Tuning before v3.0.210, F-Stream before v3.0.210, and RestartToUEFI before v1.0.6.2 expose functionality to read and write CR register values. This could be leveraged in a number of ways to ultimately run code with elevated privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities", + "refsource": "MISC", + "url": "https://www.secureauth.com/labs/advisories/asrock-drivers-elevation-privilege-vulnerabilities" + }, + { + "name": "45716", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45716/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14199.json b/2018/14xxx/CVE-2018-14199.json index 7b94c1cec4b..8973a1d789f 100644 --- a/2018/14xxx/CVE-2018-14199.json +++ b/2018/14xxx/CVE-2018-14199.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14199", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14199", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14435.json b/2018/14xxx/CVE-2018-14435.json index 7c25b3368f6..3c1b236e38f 100644 --- a/2018/14xxx/CVE-2018-14435.json +++ b/2018/14xxx/CVE-2018-14435.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14435", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14435", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/ImageMagick/ImageMagick/issues/1193", - "refsource" : "MISC", - "url" : "https://github.com/ImageMagick/ImageMagick/issues/1193" - }, - { - "name" : "USN-3785-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3785-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ImageMagick 7.0.8-4 has a memory leak in DecodeImage in coders/pcd.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/issues/1193", + "refsource": "MISC", + "url": "https://github.com/ImageMagick/ImageMagick/issues/1193" + }, + { + "name": "USN-3785-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3785-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14872.json b/2018/14xxx/CVE-2018-14872.json index f03079ed237..b4ee77d89ce 100644 --- a/2018/14xxx/CVE-2018-14872.json +++ b/2018/14xxx/CVE-2018-14872.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14872", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14872", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/havysec/Useful_Code/blob/master/mycve/004.md", - "refsource" : "MISC", - "url" : "https://github.com/havysec/Useful_Code/blob/master/mycve/004.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, with all data reset." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/havysec/Useful_Code/blob/master/mycve/004.md", + "refsource": "MISC", + "url": "https://github.com/havysec/Useful_Code/blob/master/mycve/004.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14915.json b/2018/14xxx/CVE-2018-14915.json index 1c44ef63e65..d6c79f64ac4 100644 --- a/2018/14xxx/CVE-2018-14915.json +++ b/2018/14xxx/CVE-2018-14915.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14915", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-14915", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14945.json b/2018/14xxx/CVE-2018-14945.json index fe8756392a9..dd9c98d545c 100644 --- a/2018/14xxx/CVE-2018-14945.json +++ b/2018/14xxx/CVE-2018-14945.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fouzhe/security/tree/master/jpeg_encoder#heap-buffer-overflow-in-function-readfrombmp", - "refsource" : "MISC", - "url" : "https://github.com/fouzhe/security/tree/master/jpeg_encoder#heap-buffer-overflow-in-function-readfrombmp" - }, - { - "name" : "https://github.com/thejinchao/jpeg_encoder/issues/6", - "refsource" : "MISC", - "url" : "https://github.com/thejinchao/jpeg_encoder/issues/6" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in jpeg_encoder through 2015-11-27. It is a heap-based buffer overflow in the function readFromBMP in jpeg_encoder.cpp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/fouzhe/security/tree/master/jpeg_encoder#heap-buffer-overflow-in-function-readfrombmp", + "refsource": "MISC", + "url": "https://github.com/fouzhe/security/tree/master/jpeg_encoder#heap-buffer-overflow-in-function-readfrombmp" + }, + { + "name": "https://github.com/thejinchao/jpeg_encoder/issues/6", + "refsource": "MISC", + "url": "https://github.com/thejinchao/jpeg_encoder/issues/6" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17662.json b/2018/17xxx/CVE-2018-17662.json index 820a17cc07b..910eb5760f4 100644 --- a/2018/17xxx/CVE-2018-17662.json +++ b/2018/17xxx/CVE-2018-17662.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17662", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6514." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17662", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1188/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1188/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the beep method of a Host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6514." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1188/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1188/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20197.json b/2018/20xxx/CVE-2018-20197.json index 45b2576fb4e..b5ab3eb8992 100644 --- a/2018/20xxx/CVE-2018-20197.json +++ b/2018/20xxx/CVE-2018-20197.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/knik0/faad2/issues/20", - "refsource" : "MISC", - "url" : "https://github.com/knik0/faad2/issues/20" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a stack-based buffer underflow in the third instance of the calculate_gain function in libfaad/sbr_hfadj.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.8.8. A crafted input will lead to a denial of service or possibly unspecified other impact because limiting the additional noise energy level is mishandled for the G_max > G case." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/knik0/faad2/issues/20", + "refsource": "MISC", + "url": "https://github.com/knik0/faad2/issues/20" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20301.json b/2018/20xxx/CVE-2018-20301.json index 2c6254f1850..0a769316379 100644 --- a/2018/20xxx/CVE-2018-20301.json +++ b/2018/20xxx/CVE-2018-20301.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20301", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, \"registration\" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20301", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/smpallen99/coherence/issues/270", - "refsource" : "MISC", - "url" : "https://github.com/smpallen99/coherence/issues/270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, \"registration\" endpoints (e.g., creating, editing, updating) allow users to update any coherence_fields data. For example, users can automatically confirm their accounts by sending the confirmed_at parameter with their registration request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/smpallen99/coherence/issues/270", + "refsource": "MISC", + "url": "https://github.com/smpallen99/coherence/issues/270" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20579.json b/2018/20xxx/CVE-2018-20579.json index f63b55d6fda..792acf6c1ea 100644 --- a/2018/20xxx/CVE-2018-20579.json +++ b/2018/20xxx/CVE-2018-20579.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/contiki-ng/contiki-ng/issues/601", - "refsource" : "MISC", - "url" : "https://github.com/contiki-ng/contiki-ng/issues/601" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Contiki-NG before 4.2 has a stack-based buffer overflow in the push function in os/lib/json/jsonparse.c that allows an out-of-bounds write of an '{' or '[' character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/contiki-ng/contiki-ng/issues/601", + "refsource": "MISC", + "url": "https://github.com/contiki-ng/contiki-ng/issues/601" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20665.json b/2018/20xxx/CVE-2018-20665.json index 0b27aff0973..8f3e9c68f59 100644 --- a/2018/20xxx/CVE-2018-20665.json +++ b/2018/20xxx/CVE-2018-20665.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20665", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20665", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9130.json b/2018/9xxx/CVE-2018-9130.json index 604ee9d1651..8dfcd10c3b5 100644 --- a/2018/9xxx/CVE-2018-9130.json +++ b/2018/9xxx/CVE-2018-9130.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBOS 4.4.3 has XSS via a company full name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cnonce.github.io/2018/03/29/IBOS-4-4-3%E5%AD%98%E5%82%A8%E5%9E%8Bxss/", - "refsource" : "MISC", - "url" : "https://cnonce.github.io/2018/03/29/IBOS-4-4-3%E5%AD%98%E5%82%A8%E5%9E%8Bxss/" - }, - { - "name" : "https://github.com/cnonce/IBOS_4.4.3/blob/master/Cross%20Site%20Scripting.md", - "refsource" : "MISC", - "url" : "https://github.com/cnonce/IBOS_4.4.3/blob/master/Cross%20Site%20Scripting.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBOS 4.4.3 has XSS via a company full name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/cnonce/IBOS_4.4.3/blob/master/Cross%20Site%20Scripting.md", + "refsource": "MISC", + "url": "https://github.com/cnonce/IBOS_4.4.3/blob/master/Cross%20Site%20Scripting.md" + }, + { + "name": "https://cnonce.github.io/2018/03/29/IBOS-4-4-3%E5%AD%98%E5%82%A8%E5%9E%8Bxss/", + "refsource": "MISC", + "url": "https://cnonce.github.io/2018/03/29/IBOS-4-4-3%E5%AD%98%E5%82%A8%E5%9E%8Bxss/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9704.json b/2018/9xxx/CVE-2018-9704.json index a4aa2c43018..f3d320f6243 100644 --- a/2018/9xxx/CVE-2018-9704.json +++ b/2018/9xxx/CVE-2018-9704.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9704", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9704", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9903.json b/2018/9xxx/CVE-2018-9903.json index a34b8284b40..c71bee885ac 100644 --- a/2018/9xxx/CVE-2018-9903.json +++ b/2018/9xxx/CVE-2018-9903.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9903", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9903", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file