From 1478fc15d8daf148e4970d990ede7c5b2874e4e4 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 21:35:40 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/1xxx/CVE-2002-1443.json | 170 ++++++-------
 2003/0xxx/CVE-2003-0123.json | 190 +++++++-------
 2003/0xxx/CVE-2003-0131.json | 350 ++++++++++++-------------
 2003/0xxx/CVE-2003-0654.json | 120 ++++-----
 2003/0xxx/CVE-2003-0671.json | 130 +++++-----
 2003/1xxx/CVE-2003-1015.json | 140 +++++-----
 2003/1xxx/CVE-2003-1397.json | 150 +++++------
 2003/1xxx/CVE-2003-1547.json | 170 ++++++-------
 2004/0xxx/CVE-2004-0006.json | 450 ++++++++++++++++-----------------
 2004/0xxx/CVE-2004-0386.json | 200 +++++++--------
 2004/0xxx/CVE-2004-0736.json | 130 +++++-----
 2004/0xxx/CVE-2004-0974.json | 140 +++++-----
 2004/2xxx/CVE-2004-2222.json | 170 ++++++-------
 2004/2xxx/CVE-2004-2401.json | 160 ++++++------
 2004/2xxx/CVE-2004-2571.json | 160 ++++++------
 2004/2xxx/CVE-2004-2713.json | 170 ++++++-------
 2008/2xxx/CVE-2008-2268.json | 160 ++++++------
 2008/2xxx/CVE-2008-2345.json | 130 +++++-----
 2008/2xxx/CVE-2008-2384.json | 250 +++++++++---------
 2008/2xxx/CVE-2008-2857.json | 120 ++++-----
 2008/6xxx/CVE-2008-6273.json | 130 +++++-----
 2012/0xxx/CVE-2012-0173.json | 140 +++++-----
 2012/1xxx/CVE-2012-1058.json | 160 ++++++------
 2012/1xxx/CVE-2012-1311.json | 170 ++++++-------
 2012/1xxx/CVE-2012-1532.json | 350 ++++++++++++-------------
 2012/1xxx/CVE-2012-1544.json | 34 +--
 2012/1xxx/CVE-2012-1581.json | 190 +++++++-------
 2012/1xxx/CVE-2012-1784.json | 160 ++++++------
 2012/5xxx/CVE-2012-5047.json | 34 +--
 2012/5xxx/CVE-2012-5268.json | 150 +++++------
 2012/5xxx/CVE-2012-5475.json | 34 +--
 2012/5xxx/CVE-2012-5762.json | 130 +++++-----
 2017/11xxx/CVE-2017-11109.json | 120 ++++-----
 2017/11xxx/CVE-2017-11780.json | 142 +++++------
 2017/11xxx/CVE-2017-11987.json | 34 +--
 2017/3xxx/CVE-2017-3467.json | 152 +++++------
 2017/3xxx/CVE-2017-3652.json | 188 +++++++-------
 2017/3xxx/CVE-2017-3798.json | 140 +++++-----
 2017/3xxx/CVE-2017-3860.json | 140 +++++-----
 2017/7xxx/CVE-2017-7061.json | 190 +++++++-------
 2017/7xxx/CVE-2017-7138.json | 140 +++++-----
 2017/7xxx/CVE-2017-7322.json | 130 +++++-----
 2017/7xxx/CVE-2017-7668.json | 256 +++++++++----------
 2017/8xxx/CVE-2017-8027.json | 34 +--
 2017/8xxx/CVE-2017-8503.json | 142 +++++------
 2017/8xxx/CVE-2017-8556.json | 142 +++++------
 2018/10xxx/CVE-2018-10179.json | 34 +--
 2018/10xxx/CVE-2018-10209.json | 120 ++++-----
 2018/10xxx/CVE-2018-10496.json | 120 ++++-----
 2018/10xxx/CVE-2018-10549.json | 230 ++++++++---------
 2018/10xxx/CVE-2018-10963.json | 150 +++++------
 2018/12xxx/CVE-2018-12017.json | 34 +--
 2018/12xxx/CVE-2018-12821.json | 130 +++++-----
 2018/13xxx/CVE-2018-13001.json | 120 ++++-----
 2018/13xxx/CVE-2018-13384.json | 34 +--
 2018/13xxx/CVE-2018-13707.json | 130 +++++-----
 2018/13xxx/CVE-2018-13923.json | 34 +--
 2018/17xxx/CVE-2018-17125.json | 130 +++++-----
 2018/17xxx/CVE-2018-17260.json | 34 +--
 2018/17xxx/CVE-2018-17676.json | 130 +++++-----
 2018/17xxx/CVE-2018-17747.json | 34 +--
 2018/17xxx/CVE-2018-17984.json | 140 +++++-----
 2018/9xxx/CVE-2018-9006.json | 120 ++++-----
 2018/9xxx/CVE-2018-9017.json | 120 ++++-----
 64 files changed, 4568 insertions(+), 4568 deletions(-)
diff --git a/2002/1xxx/CVE-2002-1443.json b/2002/1xxx/CVE-2002-1443.json
index 2830933ad03..9fb94a0e9ed 100644
--- a/2002/1xxx/CVE-2002-1443.json
+++ b/2002/1xxx/CVE-2002-1443.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1443", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an \"onkeydown\" event handler." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1443", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020808 Exploiting the Google toolbar (GM#001-MC)", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/286527" - }, - { - "name" : "20020808 Exploiting the Google toolbar (GM#001-MC)", - "refsource" : "NTBUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html" - }, - { - "name" : "http://sec.greymagic.com/adv/gm001-mc/", - "refsource" : "MISC", - "url" : "http://sec.greymagic.com/adv/gm001-mc/" - }, - { - "name" : "http://toolbar.google.com/whatsnew.php3", - "refsource" : "CONFIRM", - "url" : "http://toolbar.google.com/whatsnew.php3" - }, - { - "name" : "5426", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5426" - }, - { - "name" : "google-toolbar-keypress-monitoring(10054)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10054" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an \"onkeydown\" event handler." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020808 Exploiting the Google toolbar (GM#001-MC)", + "refsource": "NTBUGTRAQ", + "url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html" + }, + { + "name": "20020808 Exploiting the Google toolbar (GM#001-MC)", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/286527" + }, + { + "name": "http://sec.greymagic.com/adv/gm001-mc/", + "refsource": "MISC", + "url": "http://sec.greymagic.com/adv/gm001-mc/" + }, + { + "name": "google-toolbar-keypress-monitoring(10054)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10054" + }, + { + "name": "http://toolbar.google.com/whatsnew.php3", + "refsource": "CONFIRM", + "url": "http://toolbar.google.com/whatsnew.php3" + }, + { + "name": "5426", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5426" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0123.json b/2003/0xxx/CVE-2003-0123.json index f2ca3d140e6..eabeda62aa0 100644 --- a/2003/0xxx/CVE-2003-0123.json +++ b/2003/0xxx/CVE-2003-0123.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0123", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0123", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104757545500368&w=2" - }, - { - "name" : "http://www.rapid7.com/advisories/R7-0011.html", - "refsource" : "MISC", - "url" : "http://www.rapid7.com/advisories/R7-0011.html" - }, - { - "name" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060", - "refsource" : "CONFIRM", - "url" : "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060" - }, - { - "name" : "CA-2003-11", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-11.html" - }, - { - "name" : "VU#411489", - "refsource" : "CERT-VN", - "url" : 
"http://www.kb.cert.org/vuls/id/411489" - }, - { - "name" : "N-065", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml" - }, - { - "name" : "7038", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7038" - }, - { - "name" : "lotus-web-retriever-bo(11525)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11525" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2003-11", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-11.html" + }, + { + "name": "N-065", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-065.shtml" + }, + { + "name": "20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104757545500368&w=2" + }, + { + "name": "7038", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7038" + }, + { + "name": "http://www.rapid7.com/advisories/R7-0011.html", + "refsource": "MISC", + "url": "http://www.rapid7.com/advisories/R7-0011.html" + }, + { + "name": "VU#411489", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/411489" + }, + { + "name": "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060", + "refsource": "CONFIRM", + "url": "http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060" + }, + { + "name": "lotus-web-retriever-bo(11525)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/11525" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0131.json b/2003/0xxx/CVE-2003-0131.json index a9557eb41b4..fddae0edb10 100644 --- a/2003/0xxx/CVE-2003-0131.json +++ b/2003/0xxx/CVE-2003-0131.json 
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030327 Immunix Secured OS 7+ openssl update", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316577/30/25310/threaded" - }, - { - "name" : "http://eprint.iacr.org/2003/052/", - "refsource" : "MISC", - "url" : "http://eprint.iacr.org/2003/052/" - }, - { - "name" : "20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104811162730834&w=2" - }, - { - "name" : "20030324 GLSA: 
openssl (200303-20)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104852637112330&w=2" - }, - { - "name" : "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html", - "refsource" : "MISC", - "url" : "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html" - }, - { - "name" : "CSSA-2003-014.0", - "refsource" : "CALDERA", - "url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt" - }, - { - "name" : "GLSA-200303-20", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml" - }, - { - "name" : "IMNX-2003-7+-001-01", - "refsource" : "IMMUNIX", - "url" : "http://www.securityfocus.com/archive/1/316577/30/25310/threaded" - }, - { - "name" : "OpenPKG-SA-2003.026", - "refsource" : "OPENPKG", - "url" : "http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html" - }, - { - "name" : "MDKSA-2003:035", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:035" - }, - { - "name" : "NetBSD-SA2003-007", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc" - }, - { - "name" : "RHSA-2003:101", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-101.html" - }, - { - "name" : "RHSA-2003:102", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-102.html" - }, - { - "name" : "CLA-2003:625", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625" - }, - { - "name" : "DSA-288", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-288" - }, - { - "name" : "20030501-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I" - }, - { - "name" : "SuSE-SA:2003:024", - "refsource" : "SUSE", - "url" : "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html" - }, - { - "name" : 
"2003-0013", - "refsource" : "TRUSTIX", - "url" : "http://marc.info/?l=bugtraq&m=104878215721135&w=2" - }, - { - "name" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html", - "refsource" : "CONFIRM", - "url" : "http://lists.apple.com/mhonarc/security-announce/msg00028.html" - }, - { - "name" : "http://www.openssl.org/news/secadv_20030319.txt", - "refsource" : "CONFIRM", - "url" : "http://www.openssl.org/news/secadv_20030319.txt" - }, - { - "name" : "VU#888801", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/888801" - }, - { - "name" : "7148", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7148" - }, - { - "name" : "ssl-premaster-information-leak(11586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586" - }, - { - "name" : "oval:org.mitre.oval:def:461", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKCS #1 v1.5 padding that cause OpenSSL to leak information regarding the relationship between ciphertext and the associated plaintext, aka the \"Klima-Pokorny-Rosa attack.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-288", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-288" + }, + { + "name": "RHSA-2003:101", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-101.html" + 
}, + { + "name": "RHSA-2003:102", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-102.html" + }, + { + "name": "2003-0013", + "refsource": "TRUSTIX", + "url": "http://marc.info/?l=bugtraq&m=104878215721135&w=2" + }, + { + "name": "http://eprint.iacr.org/2003/052/", + "refsource": "MISC", + "url": "http://eprint.iacr.org/2003/052/" + }, + { + "name": "oval:org.mitre.oval:def:461", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A461" + }, + { + "name": "GLSA-200303-20", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-20.xml" + }, + { + "name": "SuSE-SA:2003:024", + "refsource": "SUSE", + "url": "https://lists.opensuse.org/opensuse-security-announce/2003-04/msg00005.html" + }, + { + "name": "CSSA-2003-014.0", + "refsource": "CALDERA", + "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt" + }, + { + "name": "7148", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7148" + }, + { + "name": "http://lists.apple.com/mhonarc/security-announce/msg00028.html", + "refsource": "CONFIRM", + "url": "http://lists.apple.com/mhonarc/security-announce/msg00028.html" + }, + { + "name": "OpenPKG-SA-2003.026", + "refsource": "OPENPKG", + "url": "http://www.openpkg.org/security/OpenPKG-SA-2003.026-openssl.html" + }, + { + "name": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html", + "refsource": "MISC", + "url": "http://www.linuxsecurity.com/advisories/immunix_advisory-3066.html" + }, + { + "name": "IMNX-2003-7+-001-01", + "refsource": "IMMUNIX", + "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded" + }, + { + "name": "http://www.openssl.org/news/secadv_20030319.txt", + "refsource": "CONFIRM", + "url": "http://www.openssl.org/news/secadv_20030319.txt" + }, + { + "name": "NetBSD-SA2003-007", + "refsource": "NETBSD", + "url": 
"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-007.txt.asc" + }, + { + "name": "MDKSA-2003:035", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:035" + }, + { + "name": "20030324 GLSA: openssl (200303-20)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104852637112330&w=2" + }, + { + "name": "ssl-premaster-information-leak(11586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11586" + }, + { + "name": "20030327 Immunix Secured OS 7+ openssl update", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316577/30/25310/threaded" + }, + { + "name": "20030501-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I" + }, + { + "name": "20030319 [OpenSSL Advisory] Klima-Pokorny-Rosa attack on PKCS #1 v1.5 padding", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104811162730834&w=2" + }, + { + "name": "VU#888801", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/888801" + }, + { + "name": "CLA-2003:625", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0654.json b/2003/0xxx/CVE-2003-0654.json index 74dfc005ffe..23502a53d8a 100644 --- a/2003/0xxx/CVE-2003-0654.json +++ b/2003/0xxx/CVE-2003-0654.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-373", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-373" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in autorespond may allow remote attackers to execute arbitrary code as the autorespond user via qmail." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-373", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-373" + } + ] + } +} \ No newline at end of file 
diff --git a/2003/0xxx/CVE-2003-0671.json b/2003/0xxx/CVE-2003-0671.json
index bfbf15132d1..54d2852f10b 100644
--- a/2003/0xxx/CVE-2003-0671.json
+++ b/2003/0xxx/CVE-2003-0671.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0671", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0671", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A080703-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a080703-1.txt" - }, - { - "name" : "A080703-2", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a080703-2.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A080703-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a080703-1.txt" + }, + { + "name": "A080703-2", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a080703-2.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1015.json b/2003/1xxx/CVE-2003-1015.json index 3437fec5acc..be64e9e5611 100644 --- a/2003/1xxx/CVE-2003-1015.json +++ b/2003/1xxx/CVE-2003-1015.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1015", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1015", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040914 Corsaire Security Advisory - Multiple vendor MIME field whitespace issue", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109525252118936&w=2" - }, - { - "name" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" - }, - { - "name" : "mime-tools-incorrect-concatenation(9273)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9273" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple content security gateway and 
antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040914 Corsaire Security Advisory - Multiple vendor MIME field whitespace issue", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109525252118936&w=2" + }, + { + "name": "mime-tools-incorrect-concatenation(9273)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9273" + }, + { + "name": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/vuls/2004/380375/mime.htm" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1397.json b/2003/1xxx/CVE-2003-1397.json index d797b1ee9f4..3bb7b2140b5 100644 --- a/2003/1xxx/CVE-2003-1397.json +++ b/2003/1xxx/CVE-2003-1397.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1397", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1397", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030210 Java-Applet crashes Opera 6.05 and 7.01", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/311214" - }, - { - "name" : "6814", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6814" - }, - { - "name" : "3255", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3255" - }, - { - "name" : "opera-plugincontextshowdocument-bo(11280)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11280" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PluginContext object of Opera 6.05 and 7.0 
allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "6814", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6814" + }, + { + "name": "20030210 Java-Applet crashes Opera 6.05 and 7.01", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/311214" + }, + { + "name": "opera-plugincontextshowdocument-bo(11280)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11280" + }, + { + "name": "3255", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3255" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1547.json b/2003/1xxx/CVE-2003-1547.json index f8a8c7a51ee..50a3486c570 100644 --- a/2003/1xxx/CVE-2003-1547.json +++ b/2003/1xxx/CVE-2003-1547.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1547", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1547", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030331 PHP-Nuke block-Forums.php subject vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316925/30/25250/threaded" - }, - { - "name" : "20030401 Re: PHP-Nuke block-Forums.php subject vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/317230/30/25220/threaded" - }, - { - "name" : "7248", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7248" - }, - { - "name" : "8478", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8478" - }, - { - "name" : "3718", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3718" - }, - { - "name" : "phpnuke-blockforums-subject-xss(11675)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030401 Re: PHP-Nuke block-Forums.php subject vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/317230/30/25220/threaded" + }, + { + "name": "8478", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8478" + }, + { + "name": "phpnuke-blockforums-subject-xss(11675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11675" + }, + { + "name": "20030331 PHP-Nuke block-Forums.php subject vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316925/30/25250/threaded" + }, + { + "name": "3718", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3718" + }, + { + "name": "7248", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7248" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0006.json b/2004/0xxx/CVE-2004-0006.json index f79ea270270..b01756098c1 100644 --- a/2004/0xxx/CVE-2004-0006.json +++ b/2004/0xxx/CVE-2004-0006.json 
@@ -1,227 +1,227 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040126 Advisory 01/2004: 12 x Gaim remote overflows", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107513690306318&w=2" - }, - { - "name" : "20040126 Advisory 01/2004: 12 x Gaim remote overflows", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html" - }, - { - "name" : "http://security.e-matters.de/advisories/012004.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/012004.html" - }, - { - "name" : "20040127 
Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107522432613022&w=2" - }, - { - "name" : "http://ultramagnetic.sourceforge.net/advisories/001.html", - "refsource" : "CONFIRM", - "url" : "http://ultramagnetic.sourceforge.net/advisories/001.html" - }, - { - "name" : "RHSA-2004:032", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-032.html" - }, - { - "name" : "RHSA-2004:033", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-033.html" - }, - { - "name" : "RHSA-2004:045", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-045.html" - }, - { - "name" : "MDKSA-2004:006", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006" - }, - { - "name" : "20040202-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" - }, - { - "name" : "SuSE-SA:2004:004", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2004_04_gaim.html" - }, - { - "name" : "DSA-434", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-434" - }, - { - "name" : "CLA-2004:813", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813" - }, - { - "name" : "20040201-01-U", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" - }, - { - "name" : "SSA:2004-026", - "refsource" : "SLACKWARE", - "url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158" - }, - { - "name" : "GLSA-200401-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200401-04.xml" - }, - { - "name" : "VU#297198", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/297198" - }, - { - "name" : 
"VU#371382", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/371382" - }, - { - "name" : "VU#444158", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/444158" - }, - { - "name" : "VU#503030", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/503030" - }, - { - "name" : "VU#527142", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/527142" - }, - { - "name" : "VU#871838", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/871838" - }, - { - "name" : "9489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9489" - }, - { - "name" : "3731", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3731" - }, - { - "name" : "3732", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3732" - }, - { - "name" : "oval:org.mitre.oval:def:818", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818" - }, - { - "name" : "oval:org.mitre.oval:def:10222", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222" - }, - { - "name" : "1008850", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1008850" - }, - { - "name" : "gaim-http-proxy-bo(14947)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947" - }, - { - "name" : "gaim-login-name-bo(14940)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940" - }, - { - "name" : "gaim-login-value-bo(14941)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941" - }, - { - "name" : "gaim-urlparser-bo(14945)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945" - }, - { - "name" : "gaim-yahoopacketread-keyname-bo(14943)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/14943" - }, - { - "name" : "gaim-yahoowebpending-cookie-bo(14939)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040202-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc" + }, + { + "name": "9489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9489" + }, + { + "name": "DSA-434", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-434" + }, + { + "name": "20040201-01-U", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc" + }, + { + "name": "RHSA-2004:032", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html" + }, + { + "name": "SuSE-SA:2004:004", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html" + }, + { + "name": "3732", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3732" + }, + { + "name": "SSA:2004-026", + "refsource": "SLACKWARE", + "url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158" + }, + { + "name": 
"oval:org.mitre.oval:def:818", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818" + }, + { + "name": "VU#871838", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/871838" + }, + { + "name": "VU#444158", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/444158" + }, + { + "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107513690306318&w=2" + }, + { + "name": "VU#297198", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/297198" + }, + { + "name": "gaim-login-value-bo(14941)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941" + }, + { + "name": "oval:org.mitre.oval:def:10222", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222" + }, + { + "name": "http://ultramagnetic.sourceforge.net/advisories/001.html", + "refsource": "CONFIRM", + "url": "http://ultramagnetic.sourceforge.net/advisories/001.html" + }, + { + "name": "GLSA-200401-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml" + }, + { + "name": "1008850", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1008850" + }, + { + "name": "20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107522432613022&w=2" + }, + { + "name": "http://security.e-matters.de/advisories/012004.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/012004.html" + }, + { + "name": "RHSA-2004:033", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html" + }, + { + "name": "MDKSA-2004:006", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006" + }, + { + "name": 
"gaim-yahoowebpending-cookie-bo(14939)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939" + }, + { + "name": "gaim-http-proxy-bo(14947)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947" + }, + { + "name": "gaim-login-name-bo(14940)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940" + }, + { + "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html" + }, + { + "name": "VU#527142", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/527142" + }, + { + "name": "gaim-urlparser-bo(14945)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945" + }, + { + "name": "VU#371382", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/371382" + }, + { + "name": "gaim-yahoopacketread-keyname-bo(14943)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943" + }, + { + "name": "CLA-2004:813", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813" + }, + { + "name": "3731", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3731" + }, + { + "name": "VU#503030", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/503030" + }, + { + "name": "RHSA-2004:045", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0386.json b/2004/0xxx/CVE-2004-0386.json index 4506a96e0cb..04a6ce920ed 100644 --- a/2004/0xxx/CVE-2004-0386.json +++ b/2004/0xxx/CVE-2004-0386.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0386", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0386", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040330 Heap overflow in MPlayer", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/359025" - }, - { - "name" : "20040330 MPlayer Security Advisory #002 - HTTP parsing vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108067020624076&w=2" - }, - { - "name" : "http://www.mplayerhq.hu/homepage/design6/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.mplayerhq.hu/homepage/design6/news.html" - }, - { - "name" : "GLSA-200403-13", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200403-13.xml" - }, - { - "name" : "MDKSA-2004:026", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:026" - }, - { - "name" : 
"VU#723910", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/723910" - }, - { - "name" : "10008", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10008" - }, - { - "name" : "11259", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11259" - }, - { - "name" : "mplayer-header-bo(15675)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15675" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11259", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11259" + }, + { + "name": "http://www.mplayerhq.hu/homepage/design6/news.html", + "refsource": "CONFIRM", + "url": "http://www.mplayerhq.hu/homepage/design6/news.html" + }, + { + "name": "mplayer-header-bo(15675)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15675" + }, + { + "name": "20040330 MPlayer Security Advisory #002 - HTTP parsing vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108067020624076&w=2" + }, + { + "name": "MDKSA-2004:026", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:026" + }, + { + "name": "VU#723910", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/723910" + }, + { + "name": "10008", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10008" + }, + { + "name": "20040330 Heap overflow in MPlayer", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/359025" + }, + { + "name": "GLSA-200403-13", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200403-13.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0736.json b/2004/0xxx/CVE-2004-0736.json index 4c06886402a..2085d86f948 100644 --- a/2004/0xxx/CVE-2004-0736.json +++ b/2004/0xxx/CVE-2004-0736.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) \"**\" or (2) \"+\" search patterns, which reveals the path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040718 [waraxe-2004-SA#036 - Multiple security holes in PhpNuke - part 3]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109026609504767&w=2" - }, - { - "name" : "phpnuke-asterisk-plus-path-disclosure(16736)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16736" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) \"**\" or (2) \"+\" search patterns, which reveals the path in an error message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040718 [waraxe-2004-SA#036 - Multiple security holes in PhpNuke - part 3]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109026609504767&w=2" + }, + { + "name": "phpnuke-asterisk-plus-path-disclosure(16736)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16736" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0974.json b/2004/0xxx/CVE-2004-0974.json index 6912f42101e..6ba977b6c96 100644 --- a/2004/0xxx/CVE-2004-0974.json +++ b/2004/0xxx/CVE-2004-0974.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0974", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0974", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "GLSA-200410-25", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml" - }, - { - "name" : "2004-0050", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.org/errata/2004/0050" - }, - { - "name" : "script-temporary-file-overwrite(17583)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "script-temporary-file-overwrite(17583)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583" + }, + { + "name": "2004-0050", + "refsource": "TRUSTIX", + "url": "http://www.trustix.org/errata/2004/0050" + }, + { + "name": "GLSA-200410-25", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200410-25.xml" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2222.json b/2004/2xxx/CVE-2004-2222.json index 5de74673316..9be9513c69b 100644 --- a/2004/2xxx/CVE-2004-2222.json +++ b/2004/2xxx/CVE-2004-2222.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://gallery.devrandom.org.uk/cgi-bin/viewcvs.cgi/fsphpgallery/ChangeLog?rev=HEAD&content-type=text/vnd.viewcvs-markup", - "refsource" : "CONFIRM", - "url" : "http://gallery.devrandom.org.uk/cgi-bin/viewcvs.cgi/fsphpgallery/ChangeLog?rev=HEAD&content-type=text/vnd.viewcvs-markup" - }, - { - "name" : "11594", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11594" - }, - { - "name" : "11378", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11378" - }, - { - "name" : "1012063", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012063" - }, - { - "name" : "13074", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13074" - }, - { - "name" : "fsphpgallery-information-disclosure(17950)", - "refsource" : 
"XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11594", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11594" + }, + { + "name": "fsphpgallery-information-disclosure(17950)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17950" + }, + { + "name": "1012063", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012063" + }, + { + "name": "11378", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11378" + }, + { + "name": "13074", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13074" + }, + { + "name": "http://gallery.devrandom.org.uk/cgi-bin/viewcvs.cgi/fsphpgallery/ChangeLog?rev=HEAD&content-type=text/vnd.viewcvs-markup", + "refsource": "CONFIRM", + "url": "http://gallery.devrandom.org.uk/cgi-bin/viewcvs.cgi/fsphpgallery/ChangeLog?rev=HEAD&content-type=text/vnd.viewcvs-markup" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2401.json b/2004/2xxx/CVE-2004-2401.json index 8ae4b28c1d6..33a3740a39d 100644 --- a/2004/2xxx/CVE-2004-2401.json +++ b/2004/2xxx/CVE-2004-2401.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2401", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long \"tag text.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2401", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ipswitch.com/kb/IM-20031219-DF01.htm", - "refsource" : "CONFIRM", - "url" : "http://support.ipswitch.com/kb/IM-20031219-DF01.htm" - }, - { - "name" : "10106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10106" - }, - { - "name" : "5243", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5243" - }, - { - "name" : "11352", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11352" - }, - { - "name" : "imail-express-message-bo(15841)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15841" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long \"tag text.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "imail-express-message-bo(15841)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15841" + }, + { + "name": "10106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10106" + }, + { + "name": "11352", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11352" + }, + { + "name": "5243", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5243" + }, + { + "name": "http://support.ipswitch.com/kb/IM-20031219-DF01.htm", + "refsource": "CONFIRM", + "url": "http://support.ipswitch.com/kb/IM-20031219-DF01.htm" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2571.json b/2004/2xxx/CVE-2004-2571.json index 47b1db55d90..906f591ba3d 100644 --- a/2004/2xxx/CVE-2004-2571.json +++ b/2004/2xxx/CVE-2004-2571.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2571", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) unspecified functions in Html.c." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2571", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040528 EnderUNIX Security Anouncement (Isoqlog and Spamguard)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-05/0298.html" - }, - { - "name" : "10433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10433" - }, - { - "name" : "1010292", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010292" - }, - { - "name" : "11741", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11741/" - }, - { - "name" : "isoqlog-multiple-bo(16308)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16308" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) 
unspecified functions in Html.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1010292", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010292" + }, + { + "name": "10433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10433" + }, + { + "name": "20040528 EnderUNIX Security Anouncement (Isoqlog and Spamguard)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0298.html" + }, + { + "name": "11741", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11741/" + }, + { + "name": "isoqlog-multiple-bo(16308)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16308" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2713.json b/2004/2xxx/CVE-2004-2713.json index f5d49c05822..28d143484e5 100644 --- a/2004/2xxx/CVE-2004-2713.json +++ b/2004/2xxx/CVE-2004-2713.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\\Internet Logs\\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040825 Check Point - Zone Labs Division - Response to \"Weak Default Permissions Vulnerability\"", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0389.html" - }, - { - "name" : "20040819 Unsecure file permission of ZoneAlarm pro.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0871.html" - }, - { - "name" : "20040820 Re: Unsecure file permission of ZoneAlarm pro.", - "refsource" : "FULLDISC", - "url" : 
"http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0883.html" - }, - { - "name" : "20040821 Re: Unsecure file permission of ZoneAlarm pro.", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0933.html" - }, - { - "name" : "9761", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9761" - }, - { - "name" : "zonealarm-insecure-file-permission(17099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\\Internet Logs\\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040825 Check Point - Zone Labs Division - Response to \"Weak Default Permissions Vulnerability\"", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0389.html" + }, + { + "name": "20040820 Re: Unsecure file permission of ZoneAlarm pro.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0883.html" + }, + { + "name": "zonealarm-insecure-file-permission(17099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17099" + }, + { + "name": "20040821 Re: Unsecure file permission of ZoneAlarm pro.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0933.html" + }, + { + "name": "9761", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9761" + }, + { + "name": "20040819 Unsecure file permission of ZoneAlarm pro.", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0871.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2268.json b/2008/2xxx/CVE-2008-2268.json index 6803bf73139..0469b4532d1 100644 --- a/2008/2xxx/CVE-2008-2268.json +++ b/2008/2xxx/CVE-2008-2268.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080501 mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/491523/100/0/threaded" - }, - { - "name" : "20080521 Re: mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/492384/100/0/threaded" - }, - { - "name" : "http://www.mdsjack.bo.it/public/phpBB3/viewtopic.php?t=2049", - "refsource" : "CONFIRM", - "url" : "http://www.mdsjack.bo.it/public/phpBB3/viewtopic.php?t=2049" - }, - { - "name" : "3872", - "refsource" 
: "SREASON", - "url" : "http://securityreason.com/securityalert/3872" - }, - { - "name" : "mjguest-mjguest-security-bypass(42130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open redirect vulnerability in interface/redirect.htm.php in Mjguest 6.7 GT Rev.01 allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the goto parameter in a redirect action to mjguest.php. NOTE: this is user-assisted because there is a delay and a notification before redirection occurs." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mdsjack.bo.it/public/phpBB3/viewtopic.php?t=2049", + "refsource": "CONFIRM", + "url": "http://www.mdsjack.bo.it/public/phpBB3/viewtopic.php?t=2049" + }, + { + "name": "20080521 Re: mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/492384/100/0/threaded" + }, + { + "name": "3872", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3872" + }, + { + "name": "mjguest-mjguest-security-bypass(42130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42130" + }, + { + "name": "20080501 mjguest 6.7 (ALL VERSION) Xss & Redirection Vuln", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/491523/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2345.json b/2008/2xxx/CVE-2008-2345.json index 0f500c5f348..a3cce341750 100644 --- a/2008/2xxx/CVE-2008-2345.json +++ b/2008/2xxx/CVE-2008-2345.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to \"insufficient file filtering.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/" - }, - { - "name" : "airfilemanager-unspecified-code-execution(42449)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42449" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the air_filemanager 0.6.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary PHP code via unspecified vectors related to \"insufficient file 
filtering.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "airfilemanager-unspecified-code-execution(42449)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42449" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080515-2/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2384.json b/2008/2xxx/CVE-2008-2384.json index fb768606d2b..7d0ef33a05e 100644 --- a/2008/2xxx/CVE-2008-2384.json +++ b/2008/2xxx/CVE-2008-2384.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2384", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \\ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2384", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20090121 mod-auth-mysql: SQL injection", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2009/01/21/10" - }, - { - "name" : "http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch", - "refsource" : "CONFIRM", - "url" : "http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=480238", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=480238" - }, - { - "name" : 
"FEDORA-2011-0100", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html" - }, - { - "name" : "FEDORA-2011-0114", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html" - }, - { - "name" : "RHSA-2009:0259", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2009-0259.html" - }, - { - "name" : "RHSA-2010:1002", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2010-1002.html" - }, - { - "name" : "33392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/33392" - }, - { - "name" : "oval:org.mitre.oval:def:10172", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10172" - }, - { - "name" : "43302", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/43302" - }, - { - "name" : "ADV-2009-0226", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/0226" - }, - { - "name" : "33627", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33627" - }, - { - "name" : "ADV-2011-0367", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2011/0367" - }, - { - "name" : "modauthmysql-multibyte-sql-injection(48163)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48163" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \\ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20090121 mod-auth-mysql: SQL injection", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2009/01/21/10" + }, + { + "name": "RHSA-2009:0259", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2009-0259.html" + }, + { + "name": "modauthmysql-multibyte-sql-injection(48163)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48163" + }, + { + "name": "FEDORA-2011-0100", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053899.html" + }, + { + "name": "http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch", + "refsource": "CONFIRM", + "url": "http://klecker.debian.org/~white/mod-auth-mysql/CVE-2008-2384_mod-auth-mysql.patch" + }, + { + "name": "ADV-2011-0367", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2011/0367" + }, + { + "name": "FEDORA-2011-0114", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-February/053903.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=480238", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=480238" + }, + { + "name": "33627", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33627" + }, + { + "name": "43302", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/43302" + }, + { + "name": "RHSA-2010:1002", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2010-1002.html" + }, + { + "name": "ADV-2009-0226", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/0226" + }, + { + "name": "oval:org.mitre.oval:def:10172", + "refsource": "OVAL", + "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10172" + }, + { + "name": "33392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/33392" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2857.json b/2008/2xxx/CVE-2008-2857.json index 2d208cc5075..256cfbdce9e 100644 --- a/2008/2xxx/CVE-2008-2857.json +++ b/2008/2xxx/CVE-2008-2857.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2857", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2857", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5821", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5821", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5821" + } + ] + } +} \ No newline at end of file 
diff --git a/2008/6xxx/CVE-2008-6273.json b/2008/6xxx/CVE-2008-6273.json
index ba4c52e6050..7e826a4f9ee 100644
--- a/2008/6xxx/CVE-2008-6273.json
+++ b/2008/6xxx/CVE-2008-6273.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-6273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in configuration_script.php in MyKtools 3.0 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the langage parameter, a different vulnerability than CVE-2008-4781. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-6273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "32432", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32432" - }, - { - "name" : "myktools-configurationscript-file-include(48957)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in configuration_script.php in MyKtools 3.0 allows remote authenticated administrators to include and 
execute arbitrary local files via a .. (dot dot) in the langage parameter, a different vulnerability than CVE-2008-4781. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "32432", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32432" + }, + { + "name": "myktools-configurationscript-file-include(48957)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48957" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0173.json b/2012/0xxx/CVE-2012-0173.json index 83d33d8856b..1008b6a09da 100644 --- a/2012/0xxx/CVE-2012-0173.json +++ b/2012/0xxx/CVE-2012-0173.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0173", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka \"Remote Desktop Protocol Vulnerability,\" a different vulnerability than CVE-2012-0002." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0173", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-036", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-036" - }, - { - "name" : "TA12-164A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" - }, - { - "name" : "oval:org.mitre.oval:def:15116", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15116" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka \"Remote Desktop Protocol Vulnerability,\" a different vulnerability than CVE-2012-0002." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15116", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15116" + }, + { + "name": "TA12-164A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" + }, + { + "name": "MS12-036", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-036" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1058.json b/2012/1xxx/CVE-2012-1058.json index 4a7c19ff010..aa36b97af83 100644 --- a/2012/1xxx/CVE-2012-1058.json +++ b/2012/1xxx/CVE-2012-1058.json 
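Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `secure@microsoft.com` in the CVE-2012-0173 hunk, and it is the only value change there; the rest is colon spacing, indentation and a reordered `reference_data` array. Because the commit subject is only "-Synchronized-Data." and the re-serialisation rewrites all 72 lines (the new side also ends without a trailing newline), anyone diffing the record can easily miss the reassignment. I would name the assigner change in the commit message, or land value changes separately from the formatting pass. The `affects` block still carries `"vendor_name": "n/a"` and `"product_name": "n/a"` although the description names Microsoft Windows, so tooling that matches on the structured vendor or product fields will not find this record.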
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18468", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18468" - }, - { - "name" : "http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html" - }, - { - "name" : "78923", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78923" - }, - { - "name" : "47881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47881" - }, - { - "name" : "flyspray-index-csrf(73051)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73051" - } - ] - } -} + } + }, + "data_format": 
"MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18468", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18468" + }, + { + "name": "flyspray-index-csrf(73051)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73051" + }, + { + "name": "47881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47881" + }, + { + "name": "78923", + "refsource": "OSVDB", + "url": "http://osvdb.org/78923" + }, + { + "name": "http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/109507/Flyspray-0.9.9.6-Cross-Site-Request-Forgery.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1311.json b/2012/1xxx/CVE-2012-1311.json index cf396b7bd99..99ad2328635 100644 --- a/2012/1xxx/CVE-2012-1311.json +++ b/2012/1xxx/CVE-2012-1311.json 
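Review bot: The `reference_data` array on the new side of this hunk holds the same five entries as before, but in a different order with no evident sort key (EXPLOIT-DB, XF, SECUNIA, OSVDB, MISC). The old side was ordered by `refsource`. Order churn like this makes a later added, dropped or altered advisory URL hard to spot in review, so I would have the sync emit the entries in a stable order, for example sorted by `refsource` and then `name`. The same reshuffling appears in the hunks for CVE-2012-1311, CVE-2012-1532, CVE-2012-1581, CVE-2012-1784, CVE-2012-5268 and CVE-2012-5762.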
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1311", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1311", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120328 Cisco IOS Software RSVP Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-rsvp" - }, - { - "name" : "52754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52754" - }, - { - "name" : "80692", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80692" - }, - { - "name" : "1026865", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026865" - }, - { - "name" : "48611", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48611" - }, - { - "name" : "48621", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/48621" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through 3.4.xS before 3.4.2S, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge and service outage) via crafted RSVP packets, aka Bug ID CSCts80643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026865", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026865" + }, + { + "name": "80692", + "refsource": "OSVDB", + "url": "http://osvdb.org/80692" + }, + { + "name": "20120328 Cisco IOS Software RSVP Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-rsvp" + }, + { + "name": "48611", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48611" + }, + { + "name": "52754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52754" + }, + { + "name": "48621", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48621" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1532.json b/2012/1xxx/CVE-2012-1532.json index 9181227a92e..afb2ca60d71 100644 --- a/2012/1xxx/CVE-2012-1532.json +++ b/2012/1xxx/CVE-2012-1532.json 
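Review bot: The only value that changes in this hunk is `"ASSIGNER": "psirt@cisco.com"` replacing `cve@mitre.org`, and it is buried in 87 lines of spacing and ordering churn under a commit subject that does not mention it. ASSIGNER is the record's provenance field, so anything that attributes or filters records by it will see this record move. I would land the whitespace and ordering normalisation as its own commit so that the reassignment shows up as a one-line diff. The hunks for CVE-2012-1581 (`secalert@redhat.com`), CVE-2012-5268 (`psirt@adobe.com`) and CVE-2012-5762 (`psirt@us.ibm.com`) change ASSIGNER in the same way.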
@@ -1,177 +1,177 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : 
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" - }, - { - "name" : "HPSBUX02832", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "SSRT101042", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "HPSBOV02833", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "SSRT101043", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1392", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" - }, - { - "name" : "56051", - "refsource" : 
"BID", - "url" : "http://www.securityfocus.com/bid/56051" - }, - { - "name" : "oval:org.mitre.oval:def:16556", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16556" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "51438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51438" - }, - { - "name" : "javaruntimeenvironment-deploy-cve20121532(79417)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "51438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51438" + }, + { + "name": "SSRT101043", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "56051", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56051" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" + }, + { + "name": "HPSBOV02833", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1392", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html" + }, + { + "name": "SUSE-SU-2012:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "oval:org.mitre.oval:def:16556", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16556" + }, + { + "name": "SSRT101042", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + }, + { + "name": "javaruntimeenvironment-deploy-cve20121532(79417)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79417" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "HPSBUX02832", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1544.json b/2012/1xxx/CVE-2012-1544.json index ab98a122b99..e597afe4c92 100644 --- a/2012/1xxx/CVE-2012-1544.json +++ b/2012/1xxx/CVE-2012-1544.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1544", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1876. Reason: This candidate is a duplicate of CVE-2012-1876. Notes: All CVE users should reference CVE-2012-1876 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-1544", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-1876. Reason: This candidate is a duplicate of CVE-2012-1876. Notes: All CVE users should reference CVE-2012-1876 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1581.json b/2012/1xxx/CVE-2012-1581.json index d4589ef5a9c..4b4d22d4a3a 100644 --- a/2012/1xxx/CVE-2012-1581.json +++ b/2012/1xxx/CVE-2012-1581.json 
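Review bot: The new side of this REJECT record uses a different key order from the other records in this commit. It emits `data_type`, `data_format`, `data_version`, then `CVE_data_meta` with `ID` before `ASSIGNER`, whereas the RESERVED record CVE-2012-5047 keeps `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE` and the remaining keys alphabetical. Parsers ignore key order, but byte-level diffs and any digest taken over the file do not, and the mismatch suggests these records come from a different serializer path. I would emit every record with sorted keys. CVE-2012-5475 has the same ordering.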
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1581", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1581", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html" - }, - { - "name" : "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2", - "refsource" : "MLIST", - "url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html" - }, - { - "name" : "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/22/9" - }, - { - "name" : "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2", - "refsource" 
: "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/24/1" - }, - { - "name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078" - }, - { - "name" : "52689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52689" - }, - { - "name" : "48504", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48504" - }, - { - "name" : "mediawiki-random-numbers-sec-bypass(78910)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78910" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078", + "refsource": "CONFIRM", + "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35078" + }, + { + "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1" + }, + { + "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html" + }, + { + "name": "48504", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48504" + }, + { + "name": "mediawiki-random-numbers-sec-bypass(78910)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78910" + }, + { + 
"name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3", + "refsource": "MLIST", + "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html" + }, + { + "name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/22/9" + }, + { + "name": "52689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52689" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1784.json b/2012/1xxx/CVE-2012-1784.json index 1ae78328849..eca90b9547e 100644 --- a/2012/1xxx/CVE-2012-1784.json +++ b/2012/1xxx/CVE-2012-1784.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1784", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1784", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/110225/MyJobList-0.1.3-SQL-Injection.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/110225/MyJobList-0.1.3-SQL-Injection.html" - }, - { - "name" : "52168", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52168" - }, - { - "name" : "79637", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79637" - }, - { - "name" : "48169", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48169" - }, - { - "name" : "myjoblist-index-sql-injection(73503)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73503" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52168", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52168" + }, + { + "name": "79637", + "refsource": "OSVDB", + "url": "http://osvdb.org/79637" + }, + { + "name": "http://packetstormsecurity.org/files/110225/MyJobList-0.1.3-SQL-Injection.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/110225/MyJobList-0.1.3-SQL-Injection.html" + }, + { + "name": "48169", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48169" + }, + { + "name": "myjoblist-index-sql-injection(73503)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73503" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5047.json b/2012/5xxx/CVE-2012-5047.json index fd562fce695..734babcfdae 100644 --- a/2012/5xxx/CVE-2012-5047.json +++ b/2012/5xxx/CVE-2012-5047.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5047", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5047", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5268.json b/2012/5xxx/CVE-2012-5268.json index af95b56216c..477d206438b 100644 --- a/2012/5xxx/CVE-2012-5268.json +++ b/2012/5xxx/CVE-2012-5268.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5268", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5268", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" - }, - { - "name" : "openSUSE-SU-2013:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" - }, - { - "name" : "86045", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86045" - }, - { - "name" : "adobe-cve20125268-code-exec(79089)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79089" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" + }, + { + "name": "adobe-cve20125268-code-exec(79089)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79089" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html" + }, + { + "name": "86045", + "refsource": "OSVDB", + "url": "http://osvdb.org/86045" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5475.json b/2012/5xxx/CVE-2012-5475.json index 65f09940965..45969e1855d 100644 --- a/2012/5xxx/CVE-2012-5475.json +++ b/2012/5xxx/CVE-2012-5475.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5475", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5881, CVE-2012-5882, CVE-2012-5883. Reason: This candidate is a duplicate of CVE-2012-5881, CVE-2012-5882, and CVE-2012-5883. Notes: All CVE users should reference one or more of CVE-2012-5881, CVE-2012-5882, and CVE-2012-5883 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5475", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-5881, CVE-2012-5882, CVE-2012-5883. Reason: This candidate is a duplicate of CVE-2012-5881, CVE-2012-5882, and CVE-2012-5883. Notes: All CVE users should reference one or more of CVE-2012-5881, CVE-2012-5882, and CVE-2012-5883 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5762.json b/2012/5xxx/CVE-2012-5762.json index 0a9ad481d89..b5a902107e8 100644 --- a/2012/5xxx/CVE-2012-5762.json +++ b/2012/5xxx/CVE-2012-5762.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5762", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the MHTML protocol." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5762", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21624568", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21624568" - }, - { - "name" : "netezza-mhtml-iframe-xss(80204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via vectors involving the 
MHTML protocol." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netezza-mhtml-iframe-xss(80204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80204" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21624568", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21624568" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11109.json b/2017/11xxx/CVE-2017-11109.json index 284b519056b..0ff267fe3d6 100644 --- a/2017/11xxx/CVE-2017-11109.json +++ b/2017/11xxx/CVE-2017-11109.json 
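Review bot: A provenance change is hidden in formatting churn in this hunk: `ASSIGNER` in `CVE_data_meta` goes from `cve@mitre.org` to `psirt@us.ibm.com`, while every other changed line is whitespace or ordering, and the commit subject ("-Synchronized-Data.") does not mention it. Anyone auditing who is responsible for this record, or filtering the feed by assigner, has only this diff to go on. I would either land field changes like this separately from the reformatting or name them in the commit message, for example `CVE-2012-5762: ASSIGNER cve@mitre.org -> psirt@us.ibm.com`. The two `reference_data` entries are also swapped, which looks like serializer ordering rather than an intended edit.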
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1468492" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1468492", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468492" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11780.json b/2017/11xxx/CVE-2017-11780.json index 6204dcf35cb..20c4b73d968 100644 --- a/2017/11xxx/CVE-2017-11780.json +++ b/2017/11xxx/CVE-2017-11780.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-10-10T00:00:00", - "ID" : "CVE-2017-11780", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Server Message Block 1.0 (SMBv1)", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\"." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-10-10T00:00:00", + "ID": "CVE-2017-11780", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Server Message Block 1.0 (SMBv1)", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780" - }, - { - "name" : "101110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101110" - }, - { - "name" : "1039528", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039528" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka \"Windows SMB Remote Code Execution Vulnerability\"." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101110" + }, + { + "name": "1039528", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039528" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11780" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11987.json b/2017/11xxx/CVE-2017-11987.json index 4d42464dd8a..03d463050fd 100644 --- a/2017/11xxx/CVE-2017-11987.json +++ b/2017/11xxx/CVE-2017-11987.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11987", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11987", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/3xxx/CVE-2017-3467.json b/2017/3xxx/CVE-2017-3467.json index d072f311d97..d92cb21f859 100644 --- a/2017/3xxx/CVE-2017-3467.json +++ b/2017/3xxx/CVE-2017-3467.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3467", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3467", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "97825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97825" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: C API). Supported versions that are affected are 5.7.17 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "97825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97825" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3652.json b/2017/3xxx/CVE-2017-3652.json index ce2f706a4aa..2626599a8b7 100644 --- a/2017/3xxx/CVE-2017-3652.json +++ b/2017/3xxx/CVE-2017-3652.json 
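Review bot: The `version_data` entry on the new side still pairs `"version_affected": "="` with `"version_value": "5.7.17 and earlier"`, so the operator says exact match while the value encodes a range in free text. A scanner or inventory tool that matches on these structured fields will either miss versions below 5.7.17 or compare against a string that is not a version at all. The range would be better expressed in the fields themselves, `"version_affected": "<="` with `"version_value": "5.7.17"`. The CVE-2017-3652 hunk that follows has the same pattern in all three of its entries (5.5.56, 5.6.36, 5.7.18).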
@@ -1,96 +1,96 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3652", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.5.56 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.6.36 and earlier" - }, - { - "version_affected" : "=", - "version_value" : "5.7.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3652", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.5.56 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.6.36 and earlier" + }, + { + "version_affected": "=", + "version_value": "5.7.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "DSA-3922", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3922" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "RHSA-2017:2787", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2787" - }, - { - "name" : "99805", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99805" - }, - { - "name" : "1038928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2787", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2787" + }, + { + "name": "99805", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99805" + }, + { + "name": "1038928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038928" + }, + { + "name": "DSA-3922", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3922" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3798.json b/2017/3xxx/CVE-2017-3798.json index ff26fe631b2..4c023dad4be 100644 --- a/2017/3xxx/CVE-2017-3798.json +++ b/2017/3xxx/CVE-2017-3798.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3798", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "unspecified" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3798", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm" - }, - { - "name" : "95872", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95872" - }, - { - "name" : "1037653", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037653" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device. More Information: CSCvb97237. Known Affected Releases: 11.0(1.10000.10) 11.5(1.10000.6). Known Fixed Releases: 11.5(1.12029.1) 11.5(1.12900.11) 12.0(0.98000.369) 12.0(0.98000.370) 12.0(0.98000.398) 12.0(0.98000.457)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "unspecified" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037653", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037653" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170118-cucm" + }, + { + "name": "95872", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95872" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3860.json b/2017/3xxx/CVE-2017-3860.json index 01e60129f26..7d387b37094 100644 --- a/2017/3xxx/CVE-2017-3860.json +++ b/2017/3xxx/CVE-2017-3860.json 
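Review bot: The structured `affects` block on the new side carries no usable vendor or version data: `vendor_name` is `"n/a"` although the assigner is `psirt@cisco.com`, and `version_value` just repeats the product name, while the affected releases appear only in the free-text description. Tools that match on `affects` cannot tell which releases are in scope for this record. I would populate `vendor_name` and list the releases the description gives as separate `version_data` entries, e.g. `"version_value": "11.0(1.10000.10)"` and `"version_value": "11.5(1.10000.6)"`. The CVE-2017-3860 hunk that follows has the same shape (`"version_value": "Cisco IOS and IOS XE"`, `vendor_name` `"n/a"`).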
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco IOS and IOS XE", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco IOS and IOS XE" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCur29331." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-119" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco IOS and IOS XE", + "version": { + "version_data": [ + { + "version_value": "Cisco IOS and IOS XE" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise" - }, - { - "name" : "97935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97935" - }, - { - "name" : "1038313", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038313" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading to a denial of service (DoS) condition. These vulnerabilities are due to improper parsing of crafted EnergyWise packets destined to an affected device. An attacker could exploit these vulnerabilities by sending crafted EnergyWise packets to be processed by an affected device. An exploit could allow the attacker to cause a buffer overflow condition or a reload of the affected device, leading to a DoS condition. Cisco IOS Software and Cisco IOS XE Software support EnergyWise for IPv4 communication. 
Only IPv4 packets destined to a device configured as an EnergyWise domain member can trigger these vulnerabilities. IPv6 packets cannot be used to trigger these vulnerabilities. Cisco Bug ID CSCur29331." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-119" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038313", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038313" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-energywise" + }, + { + "name": "97935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97935" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7061.json b/2017/7xxx/CVE-2017-7061.json index c159636bb01..5b468e2f08e 100644 --- a/2017/7xxx/CVE-2017-7061.json +++ b/2017/7xxx/CVE-2017-7061.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7061", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7061", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42666", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42666/" - }, - { - "name" : "https://support.apple.com/HT207921", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207921" - }, - { - "name" : "https://support.apple.com/HT207923", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207923" - }, - { - "name" : "https://support.apple.com/HT207924", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT207924" - }, - { - "name" : "https://support.apple.com/HT207927", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207927" - }, - { - "name" : "https://support.apple.com/HT207928", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207928" - }, - { - "name" : "99885", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99885" - }, - { - "name" : "1038950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99885", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99885" + }, + { + "name": "https://support.apple.com/HT207927", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207927" + }, + { + "name": "https://support.apple.com/HT207924", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207924" + }, + { + "name": "https://support.apple.com/HT207928", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207928" + }, + { + "name": "https://support.apple.com/HT207921", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207921" + }, + { + "name": "https://support.apple.com/HT207923", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207923" + }, + { + "name": "42666", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42666/" + }, + { + "name": "1038950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038950" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7138.json b/2017/7xxx/CVE-2017-7138.json index dead841ac96..1f55ce0574f 100644 --- a/2017/7xxx/CVE-2017-7138.json +++ b/2017/7xxx/CVE-2017-7138.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Directory Utility\" component. It allows local users to discover the Apple ID of the computer's owner." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208144", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208144" - }, - { - "name" : "100993", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100993" - }, - { - "name" : "1039427", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039427" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Directory Utility\" component. 
It allows local users to discover the Apple ID of the computer's owner." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100993", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100993" + }, + { + "name": "https://support.apple.com/HT208144", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208144" + }, + { + "name": "1039427", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039427" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7322.json b/2017/7xxx/CVE-2017-7322.json index b50943c2ca4..82aff8dbc88 100644 --- a/2017/7xxx/CVE-2017-7322.json +++ b/2017/7xxx/CVE-2017-7322.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7322", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7322", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf", - "refsource" : "MISC", - "url" : "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf" - }, - { - "name" : "97228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates 
from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97228" + }, + { + "name": "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf", + "refsource": "MISC", + "url": "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7668.json b/2017/7xxx/CVE-2017-7668.json index c11e2fcb328..4b6b86f1698 100644 --- a/2017/7xxx/CVE-2017-7668.json +++ b/2017/7xxx/CVE-2017-7668.json 
@@ -1,130 +1,130 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-7668", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.32" - }, - { - "version_value" : "2.4.24, 2.4.25" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service, Integrity Violation (CWE-126)" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-7668", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.2.32" + }, + { + "version_value": "2.4.24, 2.4.25" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20170619 CVE-2017-7668: ap_find_token buffer overread", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b@%3Cdev.httpd.apache.org%3E" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : 
"CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180601-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180601-0002/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us" - }, - { - "name" : "DSA-3896", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3896" - }, - { - "name" : "GLSA-201710-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-32" - }, - { - "name" : "RHSA-2017:3193", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3193" - }, - { - "name" : "RHSA-2017:3194", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3194" - }, - { - "name" : "RHSA-2017:2479", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2479" - }, - { - "name" : "RHSA-2017:2483", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2483" - }, - { - "name" : "99137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99137" - }, - { - "name" : "1038711", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + 
{ + "lang": "eng", + "value": "The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service, Integrity Violation (CWE-126)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "RHSA-2017:2479", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2479" + }, + { + "name": "[dev] 20170619 CVE-2017-7668: ap_find_token buffer overread", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/55a068b6a5eec0b3198ae7d96a7cb412352d0ffa7716612c5af3745b@%3Cdev.httpd.apache.org%3E" + }, + { + "name": "RHSA-2017:2483", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2483" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180601-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180601-0002/" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": 
"CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "99137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99137" + }, + { + "name": "DSA-3896", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3896" + }, + { + "name": "RHSA-2017:3194", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3194" + }, + { + "name": "RHSA-2017:3193", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3193" + }, + { + "name": "1038711", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038711" + }, + { + "name": "GLSA-201710-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-32" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8027.json b/2017/8xxx/CVE-2017-8027.json index 44d1997e48f..e256c125c7e 100644 --- a/2017/8xxx/CVE-2017-8027.json +++ b/2017/8xxx/CVE-2017-8027.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8027", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-8027", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/8xxx/CVE-2017-8503.json b/2017/8xxx/CVE-2017-8503.json
index 0182dccdb76..af0da00e663 100644
--- a/2017/8xxx/CVE-2017-8503.json
+++ b/2017/8xxx/CVE-2017-8503.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8503", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016." - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka \"Microsoft Edge Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8642." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8503", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016." 
+ } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503" - }, - { - "name" : "99395", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99395" - }, - { - "name" : "1039101", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039101" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka \"Microsoft Edge Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8642." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8503" + }, + { + "name": "99395", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99395" + }, + { + "name": "1039101", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039101" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8556.json b/2017/8xxx/CVE-2017-8556.json index f7b8f53d1be..3dfe9a1d8ab 100644 --- a/2017/8xxx/CVE-2017-8556.json +++ b/2017/8xxx/CVE-2017-8556.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8556", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "Graphics" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8556", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "Graphics" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8556", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8556" - }, - { - "name" : "99439", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99439" - }, - { - "name" : "1038856", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8574." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99439", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99439" + }, + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8556", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8556" + }, + { + "name": "1038856", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038856" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10179.json b/2018/10xxx/CVE-2018-10179.json index ea6f7a25f78..e87f50d489e 100644 --- a/2018/10xxx/CVE-2018-10179.json +++ b/2018/10xxx/CVE-2018-10179.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10179", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10179", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10209.json b/2018/10xxx/CVE-2018-10209.json
index bd9a29bb6f7..159c52201d9 100644
--- a/2018/10xxx/CVE-2018-10209.json
+++ b/2018/10xxx/CVE-2018-10209.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10209/", - "refsource" : "MISC", - "url" : "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10209/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is Stored XSS on the file or folder download pop-up via a crafted file or folder name." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10209/", + "refsource": "MISC", + "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2018-10209/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10496.json b/2018/10xxx/CVE-2018-10496.json index e46b53bbcf9..31b71c057fd 100644 --- a/2018/10xxx/CVE-2018-10496.json +++ b/2018/10xxx/CVE-2018-10496.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-10496", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Samsung Internet Browser", - "version" : { - "version_data" : [ - { - "version_value" : "Fixed in version 6.4.0.15" - } - ] - } - } - ] - }, - "vendor_name" : "Samsung" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-10496", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Samsung Internet Browser", + "version": { + "version_data": [ + { + "version_value": "Fixed in version 6.4.0.15" + } + ] + } + } + ] + }, + "vendor_name": "Samsung" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-555", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-555", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-555" + } + ] + } +} \ No newline at end of file 
diff --git a/2018/10xxx/CVE-2018-10549.json b/2018/10xxx/CVE-2018-10549.json
index 88733f6578a..eea5de2cb51 100644
--- a/2018/10xxx/CVE-2018-10549.json
+++ b/2018/10xxx/CVE-2018-10549.json
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10549", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\\0' character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10549", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html" - }, - { - "name" : "http://php.net/ChangeLog-5.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-5.php" - }, - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=76130", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=76130" - }, - { - "name" : 
"https://www.synology.com/support/security/Synology_SA_18_20", - "refsource" : "CONFIRM", - "url" : "https://www.synology.com/support/security/Synology_SA_18_20" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180607-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180607-0003/" - }, - { - "name" : "https://www.tenable.com/security/tns-2018-12", - "refsource" : "CONFIRM", - "url" : "https://www.tenable.com/security/tns-2018-12" - }, - { - "name" : "DSA-4240", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4240" - }, - { - "name" : "GLSA-201812-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201812-01" - }, - { - "name" : "USN-3646-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3646-1/" - }, - { - "name" : "104019", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104019" - }, - { - "name" : "1040807", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1040807" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\\0' character." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104019", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104019" + }, + { + "name": "1040807", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1040807" + }, + { + "name": "https://bugs.php.net/bug.php?id=76130", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=76130" + }, + { + "name": "https://www.synology.com/support/security/Synology_SA_18_20", + "refsource": "CONFIRM", + "url": "https://www.synology.com/support/security/Synology_SA_18_20" + }, + { + "name": "DSA-4240", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4240" + }, + { + "name": "https://www.tenable.com/security/tns-2018-12", + "refsource": "CONFIRM", + "url": "https://www.tenable.com/security/tns-2018-12" + }, + { + "name": "USN-3646-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3646-1/" + }, + { + "name": "http://php.net/ChangeLog-5.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-5.php" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + }, + { + "name": "GLSA-201812-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201812-01" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180607-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180607-0003/" + }, + { + "name": "[debian-lts-announce] 20180626 [SECURITY] [DLA 1397-1] php5 security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10963.json b/2018/10xxx/CVE-2018-10963.json index 87affdb0088..fd57aa38854 100644 --- a/2018/10xxx/CVE-2018-10963.json 
+++ b/2018/10xxx/CVE-2018-10963.json 
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-10963",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-10963",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
- "refsource" : "MLIST",
- "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
- },
- {
- "name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2795",
- "refsource" : "MISC",
- "url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2795"
- },
- {
- "name" : "DSA-4349",
- "refsource" : "DEBIAN",
- "url" : "https://www.debian.org/security/2018/dsa-4349"
- },
- {
- "name" : "USN-3864-1",
- "refsource" : "UBUNTU",
- "url" : "https://usn.ubuntu.com/3864-1/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF through 4.0.9 allows remote attackers to cause a denial of service (assertion failure and application crash) via a crafted file, a different vulnerability than CVE-2017-13726."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2795",
+ "refsource": "MISC",
+ "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2795"
+ },
+ {
+ "name": "USN-3864-1",
+ "refsource": "UBUNTU",
+ "url": "https://usn.ubuntu.com/3864-1/"
+ },
+ {
+ "name": "DSA-4349",
+ "refsource": "DEBIAN",
+ "url": "https://www.debian.org/security/2018/dsa-4349"
+ },
+ {
+ "name": "[debian-lts-announce] 20180702 [SECURITY] [DLA 1411-1] tiff security update",
+ "refsource": "MLIST",
+ "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00002.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12017.json b/2018/12xxx/CVE-2018-12017.json
index 85c7c556979..32b081e838c 100644
--- a/2018/12xxx/CVE-2018-12017.json
+++ b/2018/12xxx/CVE-2018-12017.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-12017",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-12017",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/12xxx/CVE-2018-12821.json b/2018/12xxx/CVE-2018-12821.json
index 827cb328d1a..217a35847b7 100644
--- a/2018/12xxx/CVE-2018-12821.json
+++ b/2018/12xxx/CVE-2018-12821.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@adobe.com",
- "ID" : "CVE-2018-12821",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Adobe Digital Editions",
- "version" : {
- "version_data" : [
- {
- "version_value" : "4.5.8 and below versions"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Adobe"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Out of bounds read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@adobe.com",
+ "ID": "CVE-2018-12821",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Adobe Digital Editions",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "4.5.8 and below versions"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Adobe"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html",
- "refsource" : "CONFIRM",
- "url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html"
- },
- {
- "name" : "105532",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/105532"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Adobe Digital Editions versions 4.5.8 and below have an out of bounds read vulnerability. Successful exploitation could lead to information disclosure."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Out of bounds read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html",
+ "refsource": "CONFIRM",
+ "url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb18-27.html"
+ },
+ {
+ "name": "105532",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/105532"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13001.json b/2018/13xxx/CVE-2018-13001.json
index d83f30ff251..4c4d0a129a2 100644
--- a/2018/13xxx/CVE-2018-13001.json
+++ b/2018/13xxx/CVE-2018-13001.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13001",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13001",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.vulnerability-lab.com/get_content.php?id=2122",
- "refsource" : "MISC",
- "url" : "https://www.vulnerability-lab.com/get_content.php?id=2122"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to the client-side requested vulnerable web-application parameters. The attack vector of the vulnerability is non-persistent and the request method to inject/execute is GET with the path, search, rename, or dir parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.vulnerability-lab.com/get_content.php?id=2122",
+ "refsource": "MISC",
+ "url": "https://www.vulnerability-lab.com/get_content.php?id=2122"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13384.json b/2018/13xxx/CVE-2018-13384.json
index 06ae72bbf68..f5b03fe396f 100644
--- a/2018/13xxx/CVE-2018-13384.json
+++ b/2018/13xxx/CVE-2018-13384.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13384",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13384",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13707.json b/2018/13xxx/CVE-2018-13707.json
index a83e27d8761..85356a43cee 100644
--- a/2018/13xxx/CVE-2018-13707.json
+++ b/2018/13xxx/CVE-2018-13707.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13707",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13707",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
- },
- {
- "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YSS",
- "refsource" : "MISC",
- "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YSS"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The mintToken function of a smart contract implementation for YSS, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YSS",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YSS"
+ },
+ {
+ "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
+ "refsource": "MISC",
+ "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/13xxx/CVE-2018-13923.json b/2018/13xxx/CVE-2018-13923.json
index 8ca2af4aeb8..a96479a33ec 100644
--- a/2018/13xxx/CVE-2018-13923.json
+++ b/2018/13xxx/CVE-2018-13923.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-13923",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-13923",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17125.json b/2018/17xxx/CVE-2018-17125.json
index f69fcb20ef6..6fd1ca7dd75 100644
--- a/2018/17xxx/CVE-2018-17125.json
+++ b/2018/17xxx/CVE-2018-17125.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17125",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CScms 4.1 allows arbitrary directory deletion via a dir=..\\\\ substring to plugins\\sys\\admin\\Plugins.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17125",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_dirdel.md",
- "refsource" : "MISC",
- "url" : "https://github.com/AvaterXXX/CScms/blob/master/CScms_dirdel.md"
- },
- {
- "name" : "https://www.patec.cn/newsshow.php?cid=24&id=125",
- "refsource" : "MISC",
- "url" : "https://www.patec.cn/newsshow.php?cid=24&id=125"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CScms 4.1 allows arbitrary directory deletion via a dir=..\\\\ substring to plugins\\sys\\admin\\Plugins.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/AvaterXXX/CScms/blob/master/CScms_dirdel.md",
+ "refsource": "MISC",
+ "url": "https://github.com/AvaterXXX/CScms/blob/master/CScms_dirdel.md"
+ },
+ {
+ "name": "https://www.patec.cn/newsshow.php?cid=24&id=125",
+ "refsource": "MISC",
+ "url": "https://www.patec.cn/newsshow.php?cid=24&id=125"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17260.json b/2018/17xxx/CVE-2018-17260.json
index 94c2387ecc0..9abe5584584 100644
--- a/2018/17xxx/CVE-2018-17260.json
+++ b/2018/17xxx/CVE-2018-17260.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17260",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2018-17260",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17676.json b/2018/17xxx/CVE-2018-17676.json
index 07b89086c30..5cf2bd6f258 100644
--- a/2018/17xxx/CVE-2018-17676.json
+++ b/2018/17xxx/CVE-2018-17676.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-17676",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.2.0.9297"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6849."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-416: Use After Free"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-17676",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.2.0.9297"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1153/",
- "refsource" : "MISC",
- "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1153/"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the removeField property of a app object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6849."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-416: Use After Free"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1153/",
+ "refsource": "MISC",
+ "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1153/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17747.json b/2018/17xxx/CVE-2018-17747.json
index 183a5cae13a..7245ec6c259 100644
--- a/2018/17xxx/CVE-2018-17747.json
+++ b/2018/17xxx/CVE-2018-17747.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17747",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17747",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17984.json b/2018/17xxx/CVE-2018-17984.json
index f3caf869103..02e5ae2f174 100644
--- a/2018/17xxx/CVE-2018-17984.json
+++ b/2018/17xxx/CVE-2018-17984.json 
@@ -1,72 +1,72 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17984",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17984",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html",
- "refsource" : "MISC",
- "url" : "https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html"
- },
- {
- "name" : "https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown",
- "refsource" : "MISC",
- "url" : "https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown"
- },
- {
- "name" : "https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/",
- "refsource" : "MISC",
- "url" : "https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "An unanchored /[a-z]{2}/ regular expression in ISPConfig before 3.1.13 makes it possible to include arbitrary files, leading to code execution. This is exploitable by authenticated users who have local filesystem access."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/",
+ "refsource": "MISC",
+ "url": "https://www.ispconfig.org/blog/ispconfig-3-1-13-released-important-security-bugfix/"
+ },
+ {
+ "name": "https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html",
+ "refsource": "MISC",
+ "url": "https://0x09al.github.io/security/ispconfig/exploit/vulnerability/2018/08/20/bug-or-backdoor-ispconfig-rce.html"
+ },
+ {
+ "name": "https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown",
+ "refsource": "MISC",
+ "url": "https://github.com/0x09AL/0x09al.github.io/blob/master/_posts/2018-08-20-bug-or-backdoor-ispconfig-rce.markdown"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9006.json b/2018/9xxx/CVE-2018-9006.json
index 029fbf55a07..42c1e0f91e7 100644
--- a/2018/9xxx/CVE-2018-9006.json
+++ b/2018/9xxx/CVE-2018-9006.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9006",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9006",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x64.sys-0x9c402004",
- "refsource" : "MISC",
- "url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x64.sys-0x9c402004"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win7_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402004."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x64.sys-0x9c402004",
+ "refsource": "MISC",
+ "url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win7_x64.sys-0x9c402004"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9017.json b/2018/9xxx/CVE-2018-9017.json
index 18ff4167b79..a66907a984c 100644
--- a/2018/9xxx/CVE-2018-9017.json
+++ b/2018/9xxx/CVE-2018-9017.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9017",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9017",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug3.md",
- "refsource" : "MISC",
- "url" : "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug3.md"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "dsmall v20180320 allows XSS via the member search box at the public/index.php/home/membersnsfriend/findlist.html URI."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug3.md",
+ "refsource": "MISC",
+ "url": "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug3.md"
+ }
+ ]
+ }
+}
\ No newline at end of file