From 18c3961f830a893b30523f05fbbbb8d2d3b110d4 Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Mon, 18 Mar 2019 02:36:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0042.json | 140 ++++++------- 2002/0xxx/CVE-2002-0439.json | 140 ++++++------- 2002/0xxx/CVE-2002-0831.json | 150 +++++++------- 2002/0xxx/CVE-2002-0930.json | 150 +++++++------- 2002/1xxx/CVE-2002-1039.json | 150 +++++++------- 2002/1xxx/CVE-2002-1210.json | 130 ++++++------ 2002/1xxx/CVE-2002-1336.json | 200 +++++++++--------- 2002/1xxx/CVE-2002-1415.json | 140 ++++++------- 2002/1xxx/CVE-2002-1661.json | 210 +++++++++---------- 2003/0xxx/CVE-2003-0034.json | 160 +++++++-------- 2003/0xxx/CVE-2003-0178.json | 310 ++++++++++++++-------------- 2003/0xxx/CVE-2003-0196.json | 170 ++++++++-------- 2003/0xxx/CVE-2003-0812.json | 200 +++++++++--------- 2003/1xxx/CVE-2003-1177.json | 190 ++++++++--------- 2003/1xxx/CVE-2003-1239.json | 150 +++++++------- 2004/2xxx/CVE-2004-2559.json | 150 +++++++------- 2012/0xxx/CVE-2012-0493.json | 170 ++++++++-------- 2012/0xxx/CVE-2012-0541.json | 150 +++++++------- 2012/1xxx/CVE-2012-1087.json | 140 ++++++------- 2012/1xxx/CVE-2012-1181.json | 180 ++++++++--------- 2012/1xxx/CVE-2012-1335.json | 130 ++++++------ 2012/4xxx/CVE-2012-4101.json | 34 ++-- 2012/4xxx/CVE-2012-4209.json | 360 ++++++++++++++++----------------- 2012/4xxx/CVE-2012-4294.json | 230 ++++++++++----------- 2012/4xxx/CVE-2012-4333.json | 150 +++++++------- 2012/4xxx/CVE-2012-4629.json | 130 ++++++------ 2012/5xxx/CVE-2012-5088.json | 210 +++++++++---------- 2017/2xxx/CVE-2017-2383.json | 150 +++++++------- 2017/2xxx/CVE-2017-2633.json | 232 ++++++++++----------- 2017/2xxx/CVE-2017-2901.json | 142 ++++++------- 2017/3xxx/CVE-2017-3079.json | 160 +++++++-------- 2017/3xxx/CVE-2017-3241.json | 352 ++++++++++++++++---------------- 2017/3xxx/CVE-2017-3587.json | 160 +++++++-------- 2017/3xxx/CVE-2017-3621.json | 142 ++++++------- 2017/6xxx/CVE-2017-6692.json | 130 ++++++------ 2017/6xxx/CVE-2017-6790.json | 142 ++++++------- 2017/6xxx/CVE-2017-6918.json | 
130 ++++++------ 2017/7xxx/CVE-2017-7160.json | 170 ++++++++-------- 2017/7xxx/CVE-2017-7815.json | 152 +++++++------- 2017/7xxx/CVE-2017-7816.json | 152 +++++++------- 2017/7xxx/CVE-2017-7981.json | 150 +++++++------- 2018/10xxx/CVE-2018-10103.json | 34 ++-- 2018/10xxx/CVE-2018-10468.json | 130 ++++++------ 2018/10xxx/CVE-2018-10687.json | 34 ++-- 2018/10xxx/CVE-2018-10773.json | 120 +++++------ 2018/14xxx/CVE-2018-14767.json | 140 ++++++------- 2018/14xxx/CVE-2018-14851.json | 210 +++++++++---------- 2018/14xxx/CVE-2018-14905.json | 120 +++++------ 2018/17xxx/CVE-2018-17167.json | 34 ++-- 2018/17xxx/CVE-2018-17566.json | 120 +++++------ 2018/17xxx/CVE-2018-17865.json | 34 ++-- 2018/20xxx/CVE-2018-20074.json | 34 ++-- 2018/20xxx/CVE-2018-20123.json | 140 ++++++------- 2018/20xxx/CVE-2018-20765.json | 34 ++-- 2018/9xxx/CVE-2018-9107.json | 150 +++++++------- 2018/9xxx/CVE-2018-9158.json | 120 +++++------ 2018/9xxx/CVE-2018-9493.json | 162 +++++++-------- 57 files changed, 4302 insertions(+), 4302 deletions(-) diff --git a/2002/0xxx/CVE-2002-0042.json b/2002/0xxx/CVE-2002-0042.json index 46d18832a3b..aa18661d049 100644 --- a/2002/0xxx/CVE-2002-0042.json +++ b/2002/0xxx/CVE-2002-0042.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0042", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0042", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020402-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P" - }, - { - "name" : "irix-xfs-dos(8839)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8839.php" - }, - { - "name" : "4511", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4511", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4511" + }, + { + "name": "irix-xfs-dos(8839)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8839.php" + }, + { + "name": "20020402-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0439.json b/2002/0xxx/CVE-2002-0439.json index ea39bcf71dd..11a9c862d8b 100644 --- a/2002/0xxx/CVE-2002-0439.json +++ b/2002/0xxx/CVE-2002-0439.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0439", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0439", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020311 CaupoShop: cross-site-scripting bug", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/261218" - }, - { - "name" : "cauposhop-user-info-css(8431)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8431.php" - }, - { - "name" : "4270", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4270" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and possibly CaupoShopPro, allows 
remote attackers to execute arbitrary Javascript and steal credit card numbers or delete items by injecting the script into new customer information fields such as the message field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4270", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4270" + }, + { + "name": "20020311 CaupoShop: cross-site-scripting bug", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/261218" + }, + { + "name": "cauposhop-user-info-css(8431)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8431.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0831.json b/2002/0xxx/CVE-2002-0831.json index ed49a0ca163..ba90e0442bc 100644 --- a/2002/0xxx/CVE-2002-0831.json +++ b/2002/0xxx/CVE-2002-0831.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0831", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0831", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "FreeBSD-SA-02:37.kqueue", - "refsource" : "FREEBSD", - "url" : "http://marc.info/?l=bugtraq&m=102865142610126&w=2" - }, - { - "name" : "freebsd-kqueue-dos(9774)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9774.php" - }, - { - "name" : "5405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5405" - }, - { - "name" : "5069", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5069" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a 
denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "freebsd-kqueue-dos(9774)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9774.php" + }, + { + "name": "FreeBSD-SA-02:37.kqueue", + "refsource": "FREEBSD", + "url": "http://marc.info/?l=bugtraq&m=102865142610126&w=2" + }, + { + "name": "5405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5405" + }, + { + "name": "5069", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5069" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0930.json b/2002/0xxx/CVE-2002-0930.json index 9e99a72bd78..da5a743881e 100644 --- a/2002/0xxx/CVE-2002-0930.json +++ b/2002/0xxx/CVE-2002-0930.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0930", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0930", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020625 cqure.net.20020521.netware_nwftpd_fmtstr", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/278689" - }, - { - "name" : "20020625 [VulnWatch] cqure.net.20020521.netware_nwftpd_fmtstr", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0127.html" - }, - { - "name" : "5099", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5099" - }, - { - "name" : "netware-ftp-username-dos(9429)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9429.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": 
"Format string vulnerability in the FTP server for Novell Netware 6.0 SP1 (NWFTPD) allows remote attackers to cause a denial of service (ABEND) via format strings in the USER command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020625 [VulnWatch] cqure.net.20020521.netware_nwftpd_fmtstr", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0127.html" + }, + { + "name": "netware-ftp-username-dos(9429)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9429.php" + }, + { + "name": "5099", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5099" + }, + { + "name": "20020625 cqure.net.20020521.netware_nwftpd_fmtstr", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/278689" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1039.json b/2002/1xxx/CVE-2002-1039.json index 347f96fb8f3..e01b76f8ffc 100644 --- a/2002/1xxx/CVE-2002-1039.json +++ b/2002/1xxx/CVE-2002-1039.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html" - }, - { - "name" : "20020714 Double Choco Latte multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102668783632589&w=2" - }, - { - "name" : "http://dcl.sourceforge.net/index.php", - "refsource" : "CONFIRM", - "url" : "http://dcl.sourceforge.net/index.php" - }, - { - "name" : "dcl-dotdot-directory-traversal(9743)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9743.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://dcl.sourceforge.net/index.php", + "refsource": "CONFIRM", + "url": "http://dcl.sourceforge.net/index.php" + }, + { + "name": "20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html" + }, + { + "name": "20020714 Double Choco Latte multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102668783632589&w=2" + }, + { + "name": "dcl-dotdot-directory-traversal(9743)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9743.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1210.json b/2002/1xxx/CVE-2002-1210.json index 03f4cb12adb..2c0fb4c4ee6 100644 --- a/2002/1xxx/CVE-2002-1210.json +++ b/2002/1xxx/CVE-2002-1210.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021119 iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0079.html" - }, - { - "name" : "http://www.idefense.com/advisory/11.19.02b.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/11.19.02b.txt" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, 
which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.idefense.com/advisory/11.19.02b.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/11.19.02b.txt" + }, + { + "name": "20021119 iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0079.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1336.json b/2002/1xxx/CVE-2002-1336.json index 32687597895..1c5872f081b 100644 --- a/2002/1xxx/CVE-2002-1336.json +++ b/2002/1xxx/CVE-2002-1336.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1336", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1336", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020724 VNC authentication weakness", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102753170201524&w=2" - }, - { - "name" : "20020726 RE: VNC authentication weakness", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102769183913594&w=2" - }, - { - "name" : "http://www.tightvnc.com/WhatsNew.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tightvnc.com/WhatsNew.txt" - }, - { - "name" : "CLA-2003:640", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640" - }, - { - "name" : "MDKSA-2003:022", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022" - }, - { - "name" : 
"RHSA-2002:287", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-287.html" - }, - { - "name" : "RHSA-2003:041", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-041.html" - }, - { - "name" : "5296", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5296" - }, - { - "name" : "vnc-weak-authentication(5992)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vnc-weak-authentication(5992)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5992" + }, + { + "name": "RHSA-2002:287", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-287.html" + }, + { + "name": "20020724 VNC authentication weakness", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102753170201524&w=2" + }, + { + "name": "RHSA-2003:041", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-041.html" + }, + { + "name": "MDKSA-2003:022", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022" + }, + { + "name": "CLA-2003:640", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640" + }, + { + "name": "http://www.tightvnc.com/WhatsNew.txt", + "refsource": "CONFIRM", + "url": "http://www.tightvnc.com/WhatsNew.txt" + }, + 
{ + "name": "20020726 RE: VNC authentication weakness", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102769183913594&w=2" + }, + { + "name": "5296", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5296" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1415.json b/2002/1xxx/CVE-2002-1415.json index 2abfa5ea827..2bd3a51386f 100644 --- a/2002/1xxx/CVE-2002-1415.json +++ b/2002/1xxx/CVE-2002-1415.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020820 Advisory: DoS in WebEasyMail +more possible?", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/288222" - }, - { - "name" : "5518", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5518" - }, - { - "name" : "webeasymail-smtp-service-dos(9924)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9924.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly 
execute arbitrary code via format strings in SMTP requests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5518", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5518" + }, + { + "name": "20020820 Advisory: DoS in WebEasyMail +more possible?", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/288222" + }, + { + "name": "webeasymail-smtp-service-dos(9924)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9924.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1661.json b/2002/1xxx/CVE-2002-1661.json index b7e66e36cdc..12392daa2cc 100644 --- a/2002/1xxx/CVE-2002-1661.json +++ b/2002/1xxx/CVE-2002-1661.json 
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1661", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1661", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021229 Leafnode security announcement SA:2002:01", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104127108823436&w=2" - }, - { - "name" : "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt", - "refsource" : "CONFIRM", - "url" : "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt" - }, - { - "name" : "20030102 GLSA: leafnode", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104152295210075&w=2" - }, - { - "name" : "MDKSA-2003:005", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:005" - }, - { - "name" : "6490", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6490" - }, - { - 
"name" : "1005865", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005865" - }, - { - "name" : "7799", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7799" - }, - { - "name" : "7801", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7801" - }, - { - "name" : "7870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7870" - }, - { - "name" : "leafnode-nntp-dos(10942)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10942" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1005865", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005865" + }, + { + "name": "7801", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7801" + }, + { + "name": "7870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7870" + }, + { + "name": "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt", + "refsource": "CONFIRM", + "url": "http://leafnode.sourceforge.net/leafnode-SA-2002-01.txt" + }, + { + "name": "20021229 Leafnode security announcement SA:2002:01", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104127108823436&w=2" + }, + { + "name": "20030102 GLSA: leafnode", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104152295210075&w=2" + }, + { + "name": "leafnode-nntp-dos(10942)", + "refsource": "XF", + "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/10942" + }, + { + "name": "7799", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7799" + }, + { + "name": "6490", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6490" + }, + { + "name": "MDKSA-2003:005", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:005" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0034.json b/2003/0xxx/CVE-2003-0034.json index 39d9f5c2664..f037117107c 100644 --- a/2003/0xxx/CVE-2003-0034.json +++ b/2003/0xxx/CVE-2003-0034.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.idefense.com/advisory/01.21.03.txt", - "refsource" : "MISC", - "url" : "http://www.idefense.com/advisory/01.21.03.txt" - }, - { - "name" : "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html" - }, - { - "name" : "MDKSA-2003:010", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010" - }, - { - "name" : "6656", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6656" - }, - { - "name" : "1005959", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005959" - } - ] - } -} + 
} + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the mtink status monitor, as included in the printer-drivers package in Mandrake Linux, allows local users to execute arbitrary code via a long HOME environment variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030121 iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html" + }, + { + "name": "1005959", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005959" + }, + { + "name": "MDKSA-2003:010", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:010" + }, + { + "name": "6656", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6656" + }, + { + "name": "http://www.idefense.com/advisory/01.21.03.txt", + "refsource": "MISC", + "url": "http://www.idefense.com/advisory/01.21.03.txt" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0178.json b/2003/0xxx/CVE-2003-0178.json index 72248fec024..891c0e2a002 100644 --- a/2003/0xxx/CVE-2003-0178.json +++ b/2003/0xxx/CVE-2003-0178.json 
@@ -1,157 +1,157 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0178", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0178", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104550063431461&w=2" - }, - { - "name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=104558777531350&w=2" - }, - { - "name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", - "refsource" : "BUGTRAQ", - "url" : 
"http://marc.info/?l=bugtraq&m=104550063431463&w=2" - }, - { - "name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=104558777331345&w=2" - }, - { - "name" : "20030217 Domino Advisories UPDATE", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104550335103136&w=2" - }, - { - "name" : "20030217 Domino Advisories UPDATE", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2" - }, - { - "name" : "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html" - }, - { - "name" : "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html" - }, - { - "name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html" - }, - { - "name" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt" - }, - { - "name" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt", - "refsource" : "MISC", - "url" : "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt" - }, - { - "name" : "CA-2003-11", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-11.html" - }, - { - "name" : "VU#206361", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/206361" - }, - { - "name" : "VU#542873", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/542873" - }, - { - "name" : "VU#772817", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/772817" - }, - { - "name" 
: "N-065", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml" - }, - { - "name" : "6870", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6870" - }, - { - "name" : "6871", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6871" - }, - { - "name" : "lotus-domino-hostname-bo(11337)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11337" - }, - { - "name" : "lotus-domino-inotes-bo(11336)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11336" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104550063431463&w=2" + }, + { + "name": "VU#772817", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/772817" + }, + { + "name": "20030217 Domino Advisories UPDATE", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104550335103136&w=2" + }, + { + "name": "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0080.html" + }, + { + "name": "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104550063431461&w=2" + }, + { + "name": "VU#542873", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/542873" + }, + { + "name": "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0081.html" + }, + { + "name": "CA-2003-11", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-11.html" + }, + { + "name": "20030217 Lotus Domino Web Server iNotes Overflow (#NISR17022003b)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=104558777531350&w=2" + }, + { + "name": "20030217 Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=104558777331345&w=2" + }, + { + "name": "lotus-domino-hostname-bo(11337)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11337" + }, + { + "name": 
"VU#206361", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/206361" + }, + { + "name": "lotus-domino-inotes-bo(11336)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11336" + }, + { + "name": "20030217 Domino Advisories UPDATE", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2" + }, + { + "name": "6870", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6870" + }, + { + "name": "N-065", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/n-065.shtml" + }, + { + "name": "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html" + }, + { + "name": "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/lotus-hostlocbo.txt" + }, + { + "name": "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt", + "refsource": "MISC", + "url": "http://www.nextgenss.com/advisories/lotus-inotesoflow.txt" + }, + { + "name": "6871", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6871" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0196.json b/2003/0xxx/CVE-2003-0196.json index 92ab1834f27..5fe39dc4a7b 100644 --- a/2003/0xxx/CVE-2003-0196.json +++ b/2003/0xxx/CVE-2003-0196.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0196", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0196", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104973186901597&w=2" - }, - { - "name" : "DSA-280", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-280" - }, - { - "name" : "MDKSA-2003:044", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044" - }, - { - "name" : "RHSA-2003:137", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-137.html" - }, - { - "name" : "20030407 Immunix Secured OS 7+ samba update", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104974612519064&w=2" - }, - { - 
"name" : "oval:org.mitre.oval:def:564", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as discovered by the Samba team and a different vulnerability than CVE-2003-0201." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:564", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A564" + }, + { + "name": "DSA-280", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-280" + }, + { + "name": "MDKSA-2003:044", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:044" + }, + { + "name": "RHSA-2003:137", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-137.html" + }, + { + "name": "20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104973186901597&w=2" + }, + { + "name": "20030407 Immunix Secured OS 7+ samba update", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104974612519064&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0812.json b/2003/0xxx/CVE-2003-0812.json index 0729c6bb180..6ee5d567c6a 100644 --- a/2003/0xxx/CVE-2003-0812.json +++ b/2003/0xxx/CVE-2003-0812.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (\"NetSetup.LOG\"), as demonstrated using the NetAddAlternateComputerName API." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031111 EEYE: Windows Workstation Service Remote Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106859247713009&w=2" - }, - { - "name" : "20031112 Proof of concept for Windows Workstation Service overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106865197102041&w=2" - }, - { - "name" : "MS03-049", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-049" - }, - { - "name" : "20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)", - "refsource" : "CISCO", - "url" : 
"http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml" - }, - { - "name" : "CA-2003-28", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-28.html" - }, - { - "name" : "VU#567620", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/567620" - }, - { - "name" : "9011", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9011" - }, - { - "name" : "oval:org.mitre.oval:def:331", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331" - }, - { - "name" : "oval:org.mitre.oval:def:575", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file (\"NetSetup.LOG\"), as demonstrated using the NetAddAlternateComputerName API." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040129 Buffer Overrun in Microsoft Windows 2000 Workstation Service (MS03-049)", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20040129-ms03-049.shtml" + }, + { + "name": "MS03-049", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-049" + }, + { + "name": "9011", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9011" + }, + { + "name": "20031111 EEYE: Windows Workstation Service Remote Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106859247713009&w=2" + }, + { + "name": "VU#567620", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/567620" + }, + { + "name": "20031112 Proof of concept for Windows Workstation Service overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106865197102041&w=2" + }, + { + "name": "oval:org.mitre.oval:def:331", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A331" + }, + { + "name": "CA-2003-28", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-28.html" + }, + { + "name": "oval:org.mitre.oval:def:575", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A575" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1177.json b/2003/1xxx/CVE-2003-1177.json index 6dc07499abb..340fb5f31fc 100644 --- a/2003/1xxx/CVE-2003-1177.json +++ b/2003/1xxx/CVE-2003-1177.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1177", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1177", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html" - }, - { - "name" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html", - "refsource" : "CONFIRM", - "url" : "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html" - }, - { - "name" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html" - }, - { - "name" : "8861", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8861" - }, - { - "name" : "8889", 
- "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8889" - }, - { - "name" : "2688", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2688" - }, - { - "name" : "10038", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10038" - }, - { - "name" : "mercur-auth-command-dos(13468)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13468" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8861", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8861" + }, + { + "name": "10038", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10038" + }, + { + "name": "8889", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8889" + }, + { + "name": "2688", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2688" + }, + { + "name": "20031024 Vulnerability in MERCUR Mail Server v4.2 SP3 and below", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html" + }, + { + "name": "mercur-auth-command-dos(13468)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13468" + }, + { + "name": "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html", + "refsource": "CONFIRM", + "url": "http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html" + }, + { + "name": 
"http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1239.json b/2003/1xxx/CVE-2003-1239.json index 7ac0fcb89b5..cf606819d80 100644 --- a/2003/1xxx/CVE-2003-1239.json +++ b/2003/1xxx/CVE-2003-1239.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1239", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1239", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030223 WihPhoto (PHP)", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/312966" - }, - { - "name" : "20030223 WihPhoto (PHP)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html" - }, - { - "name" : "6929", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6929" - }, - { - "name" : "wihphoto-sendphoto-file-disclosure(11429)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11429.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability 
in sendphoto.php in WihPhoto 0.86 allows remote attackers to read arbitrary files via .. specifiers in the album parameter, and the target filename in the pic parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030223 WihPhoto (PHP)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0092.html" + }, + { + "name": "wihphoto-sendphoto-file-disclosure(11429)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11429.php" + }, + { + "name": "6929", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6929" + }, + { + "name": "20030223 WihPhoto (PHP)", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/312966" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2559.json b/2004/2xxx/CVE-2004-2559.json index 350e6bf860d..dae6eae2645 100644 --- a/2004/2xxx/CVE-2004-2559.json +++ b/2004/2xxx/CVE-2004-2559.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2559", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2559", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://wiki.splitbrain.org/wiki:old_changes", - "refsource" : "CONFIRM", - "url" : "http://wiki.splitbrain.org/wiki:old_changes" - }, - { - "name" : "11005", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11005" - }, - { - "name" : "1011802", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011802" - }, - { - "name" : "dokuwiki-acl-gain-access(17799)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "DokuWiki before 2004-10-19 allows remote attackers to access 
administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1011802", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011802" + }, + { + "name": "dokuwiki-acl-gain-access(17799)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799" + }, + { + "name": "11005", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11005" + }, + { + "name": "http://wiki.splitbrain.org/wiki:old_changes", + "refsource": "CONFIRM", + "url": "http://wiki.splitbrain.org/wiki:old_changes" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0493.json b/2012/0xxx/CVE-2012-0493.json index 65a1d3da256..921f5a35358 100644 --- a/2012/0xxx/CVE-2012-0493.json +++ b/2012/0xxx/CVE-2012-0493.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "78394", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78394" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - }, - 
{ - "name" : "mysql-serveruns15-dos(72538)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72538" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "mysql-serveruns15-dos(72538)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72538" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "78394", + "refsource": "OSVDB", + "url": "http://osvdb.org/78394" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0541.json b/2012/0xxx/CVE-2012-0541.json index 2a75701c8cf..1a8bab5d925 100644 --- a/2012/0xxx/CVE-2012-0541.json +++ b/2012/0xxx/CVE-2012-0541.json 
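Review bot: The one substantive change in this hunk, `"ASSIGNER": "secalert_us@oracle.com"` replacing `cve@mitre.org` under `CVE_data_meta`, is buried in a full-file re-indent and a reshuffle of `reference_data`, whose six entries are otherwise unchanged. Consumers that attribute or filter records by assigner will see CVE-2012-0493 change hands, so that edit deserves to be reviewable on its own. Emitting the references in a stable order (for example sorted by `refsource`, then `name`) and landing the formatting change separately would reduce this diff to that single line. The hunks for CVE-2012-0541, CVE-2012-1181 and CVE-2012-1335 also replace `cve@mitre.org` in `ASSIGNER` amid the same churn.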
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53100", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53100" - }, - { - "name" : "1026953", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026953" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026953", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026953" + }, + { + "name": "53100", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53100" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1087.json b/2012/1xxx/CVE-2012-1087.json index 6ceb461dcdc..9f165946eaa 100644 --- a/2012/1xxx/CVE-2012-1087.json +++ b/2012/1xxx/CVE-2012-1087.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1087", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1087", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" - }, - { - "name" : "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/" - }, - { - "name" : "78789", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78789" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) 
vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" + }, + { + "name": "78789", + "refsource": "OSVDB", + "url": "http://osvdb.org/78789" + }, + { + "name": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/", + "refsource": "CONFIRM", + "url": "http://typo3.org/extensions/repository/view/bc_post2facebook/0.2.2/" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1181.json b/2012/1xxx/CVE-2012-1181.json index e1ca444318d..ddfc0e5069e 100644 --- a/2012/1xxx/CVE-2012-1181.json +++ b/2012/1xxx/CVE-2012-1181.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1181", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1181", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/15/10" - }, - { - "name" : "[oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/16/2" - }, - { - "name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814", - "refsource" : "CONFIRM", - "url" : 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814" - }, - { - "name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902" - }, - { - "name" : "DSA-2436", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2436" - }, - { - "name" : "52565", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52565" - }, - { - "name" : "apache-modfcgid-dos(74181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP Server does not recognize the FcgidMaxProcessesPerClass directive for a virtual host, which makes it easier for remote attackers to cause a denial of service (memory consumption) via a series of HTTP requests that triggers a process count higher than the intended limit." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120315 Re: CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/16/2" + }, + { + "name": "apache-modfcgid-dos(74181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74181" + }, + { + "name": "DSA-2436", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2436" + }, + { + "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814", + "refsource": "CONFIRM", + "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615814" + }, + { + "name": "52565", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52565" + }, + { + "name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=49902" + }, + { + "name": "[oss-security] 20120315 CVE-request: apache's mod-fcgid does not respect configured FcgidMaxProcessesPerClass in VirtualHost", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/15/10" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1335.json b/2012/1xxx/CVE-2012-1335.json index 6ed4ccf0cf0..53ffefa2629 100644 --- a/2012/1xxx/CVE-2012-1335.json +++ b/2012/1xxx/CVE-2012-1335.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1335", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1335", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120404 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex" - }, - { - "name" : "1026888", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L through SP11 EP26, T27 LB through SP21 EP10, T27 LC before SP25 
EP10, and T27 LD before SP32 CP1 allows remote attackers to execute arbitrary code via a crafted WRF file, a different vulnerability than CVE-2012-1336 and CVE-2012-1337." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120404 Buffer Overflow Vulnerabilities in the Cisco WebEx Player", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120404-webex" + }, + { + "name": "1026888", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026888" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4101.json b/2012/4xxx/CVE-2012-4101.json index 75c1eb8439c..88934197b00 100644 --- a/2012/4xxx/CVE-2012-4101.json +++ b/2012/4xxx/CVE-2012-4101.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4101", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4101", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4209.json b/2012/4xxx/CVE-2012-4209.json index cc3d1e0973c..4e783b4db4b 100644 
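Review bot: The new side of this REJECT record writes `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and `ID` ahead of `ASSIGNER`, while every other file in this part of the patch keeps `CVE_data_meta` first with `ASSIGNER` before `ID`. JSON object order carries no meaning, so parsers are unaffected, but the two layouts suggest the records went through different serializers. Anything that hashes or textually diffs these files will see avoidable churn. Writing all records with one key order (sorted keys would do) makes the output deterministic.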
--- a/2012/4xxx/CVE-2012-4209.json +++ b/2012/4xxx/CVE-2012-4209.json 
@@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792405", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=792405" - }, - { - "name" : "MDVSA-2012:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" - }, - { - "name" : "RHSA-2012:1482", - "refsource" : "REDHAT", - "url" : 
"http://rhn.redhat.com/errata/RHSA-2012-1482.html" - }, - { - "name" : "RHSA-2012:1483", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" - }, - { - "name" : "openSUSE-SU-2012:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" - }, - { - "name" : "openSUSE-SU-2012:1585", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" - }, - { - "name" : "openSUSE-SU-2012:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" - }, - { - "name" : "SUSE-SU-2012:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:0175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" - }, - { - "name" : "USN-1638-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-1" - }, - { - "name" : "USN-1638-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-3" - }, - { - "name" : "USN-1638-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-2" - }, - { - "name" : "USN-1636-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1636-1" - }, - { - "name" : "56629", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56629" - }, - { - "name" : "oval:org.mitre.oval:def:16880", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880" - }, - { - "name" : "51359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51359" - }, - { - "name" : "51360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51360" - }, - { - "name" : "51369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51369" - }, - { - "name" : "51381", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/51381" - }, - { - "name" : "51434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51434" - }, - { - "name" : "51439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51439" - }, - { - "name" : "51440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51440" - }, - { - "name" : "51370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51370" - }, - { - "name" : "firefox-toplocation-xss(80181)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 do not prevent use of a \"top\" frame name-attribute value to access the location property, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a binary plugin." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1638-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-3" + }, + { + "name": "51370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51370" + }, + { + "name": "USN-1638-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-2" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=792405" + }, + { + "name": "openSUSE-SU-2012:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" + }, + { + "name": "USN-1636-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1636-1" + }, + { + "name": "openSUSE-SU-2013:0175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" + }, + { + "name": "RHSA-2012:1483", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" + }, + { + "name": "RHSA-2012:1482", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" + }, + { + "name": "51434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51434" + }, + { + "name": "openSUSE-SU-2012:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" + }, + { + "name": "51439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51439" + }, + { + "name": "51440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51440" + }, + { + "name": "USN-1638-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-1" + }, + { + "name": "SUSE-SU-2012:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" + 
}, + { + "name": "firefox-toplocation-xss(80181)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80181" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-103.html" + }, + { + "name": "51359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51359" + }, + { + "name": "MDVSA-2012:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" + }, + { + "name": "openSUSE-SU-2012:1585", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" + }, + { + "name": "56629", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56629" + }, + { + "name": "51381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51381" + }, + { + "name": "oval:org.mitre.oval:def:16880", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16880" + }, + { + "name": "51369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51369" + }, + { + "name": "51360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51360" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4294.json b/2012/4xxx/CVE-2012-4294.json index e4e81f5ad23..d965949cd62 100644 --- a/2012/4xxx/CVE-2012-4294.json +++ b/2012/4xxx/CVE-2012-4294.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4294", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4294", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html" - }, - { - "name" : 
"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15673", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15673" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 allows remote attackers to execute arbitrary code via a large speed (aka rate) value." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44377&r2=44376&pathrev=44377" + }, + { + "name": "oval:org.mitre.oval:def:15673", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15673" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44377" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-16.html", + "refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-16.html" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": 
"https://hermes.opensuse.org/messages/15514562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4333.json b/2012/4xxx/CVE-2012-4333.json index 9effc8491c9..8327c970959 100644 --- a/2012/4xxx/CVE-2012-4333.json +++ b/2012/4xxx/CVE-2012-4333.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4333", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4333", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18765", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18765" - }, - { - "name" : "53193", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53193" - }, - { - "name" : "48966", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48966" - }, - { - "name" : "netiware-activex-control-bo(75070)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75070" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { 
+ "lang": "eng", + "value": "Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18765", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18765" + }, + { + "name": "53193", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53193" + }, + { + "name": "48966", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48966" + }, + { + "name": "netiware-activex-control-bo(75070)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75070" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4629.json b/2012/4xxx/CVE-2012-4629.json index 8f23176e32d..1257af4aff3 100644 --- a/2012/4xxx/CVE-2012-4629.json +++ b/2012/4xxx/CVE-2012-4629.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4629", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances (ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4629", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120912 Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx" - }, - { - "name" : "55515", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55515" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for Adaptive Security Appliances 
(ASA) devices, and Prime Security Manager (aka PRSM) before 9.0.2-103, allows remote attackers to cause a denial of service (disk consumption and application hang) via unspecified IPv4 packets that trigger log entries, aka Bug ID CSCub70603." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120912 Cisco ASA-CX and Cisco PRSM Log Retention Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120912-asacx" + }, + { + "name": "55515", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55515" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5088.json b/2012/5xxx/CVE-2012-5088.json index 0c82b43c8dc..53e78862d30 100644 --- a/2012/5xxx/CVE-2012-5088.json +++ b/2012/5xxx/CVE-2012-5088.json 
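Review bot: The one substantive change in the CVE-2012-4629.json hunk, `"ASSIGNER": "psirt@cisco.com"` replacing `cve@mitre.org`, sits inside a rewrite of every line that otherwise appears to change only key spacing and layout, so a change to the record's provenance field is easy to miss in review. The CVE-2012-5088.json hunk (`secalert_us@oracle.com` replacing `cve@mitre.org`) and the CVE-2017-2633.json hunk (`secalert@redhat.com` replacing `anemec@redhat.com`) do the same and also reorder `reference_data`. Landing the formatting normalisation separately from data changes, or naming the ASSIGNER reassignments in the commit message instead of only "Synchronized-Data", would let consumers who track who asserts a record audit those changes directly.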
@@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "RHSA-2012:1386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : 
"http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "oval:org.mitre.oval:def:16605", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16605" - }, - { - "name" : "51029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51029" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "javaruntimeenvironment-lib-cve20125088(79420)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79420" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "RHSA-2012:1386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" + }, + { + "name": "oval:org.mitre.oval:def:16605", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16605" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "51029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51029" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "javaruntimeenvironment-lib-cve20125088(79420)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79420" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2383.json b/2017/2xxx/CVE-2017-2383.json index dc7f3f0f0df..a4a8960d5c3 100644 --- a/2017/2xxx/CVE-2017-2383.json +++ b/2017/2xxx/CVE-2017-2383.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2383", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the \"APNs Server\" component. It allows man-in-the-middle attackers to track users via correlation with this certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2383", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207599", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207599" - }, - { - "name" : "https://support.apple.com/HT207607", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207607" - }, - { - "name" : "97175", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97175" - }, - { - "name" : "1038157", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038157" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the \"APNs Server\" component. It allows man-in-the-middle attackers to track users via correlation with this certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038157", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038157" + }, + { + "name": "97175", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97175" + }, + { + "name": "https://support.apple.com/HT207607", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207607" + }, + { + "name": "https://support.apple.com/HT207599", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207599" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2633.json b/2017/2xxx/CVE-2017-2633.json index daea759c756..2968ff37e57 100644 --- a/2017/2xxx/CVE-2017-2633.json +++ b/2017/2xxx/CVE-2017-2633.json 
@@ -1,118 +1,118 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Qemu:", - "version" : { - "version_data" : [ - { - "version_value" : "1.7.2" - } - ] - } - } - ] - }, - "vendor_name" : "QEMU" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.4/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", - "version" : "3.0" - } - ], - [ - { - "vectorString" : "3.8/AV:A/AC:M/Au:S/C:N/I:P/A:P", - "version" : "2.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-120" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Qemu:", + "version": { + "version_data": [ + { + "version_value": "1.7.2" + } + ] + } + } + ] + }, + "vendor_name": "QEMU" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/23/1" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633" - }, - { 
- "name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7", - "refsource" : "CONFIRM", - "url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7" - }, - { - "name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef", - "refsource" : "CONFIRM", - "url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef" - }, - { - "name" : "RHSA-2017:1205", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1205" - }, - { - "name" : "RHSA-2017:1206", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1206" - }, - { - "name" : "RHSA-2017:1441", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1441" - }, - { - "name" : "RHSA-2017:1856", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1856" - }, - { - "name" : "96417", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96417" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_server_surface'. A user inside a guest could use this flaw to crash the QEMU process." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L", + "version": "3.0" + } + ], + [ + { + "vectorString": "3.8/AV:A/AC:M/Au:S/C:N/I:P/A:P", + "version": "2.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170223 CVE-2017-2633 Qemu: VNC: memory corruption due to unchecked resolution limit", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/23/1" + }, + { + "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef", + "refsource": "CONFIRM", + "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef" + }, + { + "name": "RHSA-2017:1206", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1206" + }, + { + "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7", + "refsource": "CONFIRM", + "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9f64916da20eea67121d544698676295bbb105a7" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2633" + }, + { + "name": "RHSA-2017:1441", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1441" + }, + { + "name": "96417", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96417" + }, + { + "name": "RHSA-2017:1856", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1856" + }, + { + "name": "RHSA-2017:1205", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1205" + } + ] + } +} \ No newline at end of file 
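Review bot: In the CVE-2017-2633.json hunk the new side still lists `"version_value": "1.7.2"` for QEMU while the description says the flaw is in QEMU "before 1.7.2", so a consumer matching on the affects block would flag the fixed release and miss the earlier, vulnerable ones. If the record format in use accepts the CVE JSON 4.0 `version_affected` qualifier, `"version_affected": "<"` beside the value would express the range; `"product_name": "Qemu:"` also keeps a stray colon. Both `vectorString` values prepend the base score (`"5.4/CVSS:3.0/AV:A/..."`, `"3.8/AV:A/AC:M/..."`), which a strict CVSS vector parser would likely reject; keeping the score separate and leaving `"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L"` as the vector would be safer for tooling that derives severity from this field.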
diff --git a/2017/2xxx/CVE-2017-2901.json b/2017/2xxx/CVE-2017-2901.json index 5efb1a4e272..352add8c503 100644 --- a/2017/2xxx/CVE-2017-2901.json +++ b/2017/2xxx/CVE-2017-2901.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2018-01-11T00:00:00", - "ID" : "CVE-2017-2901", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Blender", - "version" : { - "version_data" : [ - { - "version_value" : "v2.78c" - } - ] - } - } - ] - }, - "vendor_name" : "Blender" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "buffer overflow" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2018-01-11T00:00:00", + "ID": "CVE-2017-2901", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Blender", + "version": { + "version_data": [ + { + "version_value": "v2.78c" + } + ] + } + } + ] + }, + "vendor_name": "Blender" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" - }, - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408" - }, - { - "name" : "DSA-4248", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4248" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "buffer overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" + }, + { + "name": "DSA-4248", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4248" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3079.json b/2017/3xxx/CVE-2017-3079.json index 78159b39778..40b65415701 100644 --- a/2017/3xxx/CVE-2017-3079.json +++ b/2017/3xxx/CVE-2017-3079.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3079", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 25.0.0.171 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3079", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 25.0.0.171 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 25.0.0.171 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1439" - }, - { - "name" : "99025", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99025" - }, - { - "name" : "1038655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the internal representation of raster data. Successful exploitation could lead to arbitrary code execution." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" + }, + { + "name": "99025", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99025" + }, + { + "name": "1038655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038655" + }, + { + "name": "RHSA-2017:1439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1439" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3241.json b/2017/3xxx/CVE-2017-3241.json index 611f21bee85..af4963b75e3 100644 --- a/2017/3xxx/CVE-2017-3241.json +++ b/2017/3xxx/CVE-2017-3241.json 
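Review bot: The affects block in the CVE-2017-3079.json hunk is not machine-matchable: `product_name` and `version_value` both hold the sentence `Adobe Flash Player 25.0.0.171 and earlier.`, and `vendor_name` is `n/a` even though the ASSIGNER is `psirt@adobe.com`. Inventory matching would need something like `"vendor_name": "Adobe"`, `"product_name": "Adobe Flash Player"` and `"version_value": "25.0.0.171"` with a less-than-or-equal qualifier (`version_affected`, if the record format in use accepts it). As written, only the free-text description carries the affected range, so scanners keyed on the structured fields would not associate this record with installed Flash Player versions.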
@@ -1,178 +1,178 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3241", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Java SE", - "version" : { - "version_data" : [ - { - "version_value" : "6u131" - }, - { - "version_value" : "7u121" - }, - { - "version_value" : "8u112" - } - ] - } - }, - { - "product_name" : "Java SE Embedded", - "version" : { - "version_data" : [ - { - "version_value" : "8u111" - } - ] - } - }, - { - "product_name" : "JRockit", - "version" : { - "version_data" : [ - { - "version_value" : "R28.3.12" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3241", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Java SE", + "version": { + "version_data": [ + { + "version_value": "6u131" + }, + { + "version_value": "7u121" + }, + { + "version_value": "8u112" + } + ] + } + }, + { + "product_name": "Java SE Embedded", + "version": { + "version_data": [ + { + "version_value": "8u111" + } + ] + } + }, + { + "product_name": "JRockit", + "version": { + "version_data": [ + { + "version_value": "R28.3.12" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41145", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41145/" - }, - { - "name" : "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/", - "refsource" : "MISC", - "url" : "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20170119-0001/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20170119-0001/" - }, - { - "name" : "DSA-3782", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3782" - }, - { - "name" : "GLSA-201701-65", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201701-65" - }, - { - "name" : "GLSA-201707-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-01" 
- }, - { - "name" : "RHSA-2017:0175", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0175.html" - }, - { - "name" : "RHSA-2017:0176", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0176.html" - }, - { - "name" : "RHSA-2017:0177", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0177.html" - }, - { - "name" : "RHSA-2017:0180", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0180.html" - }, - { - "name" : "RHSA-2017:0263", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0263.html" - }, - { - "name" : "RHSA-2017:0269", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0269.html" - }, - { - "name" : "RHSA-2017:0336", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0336.html" - }, - { - "name" : "RHSA-2017:0337", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0337.html" - }, - { - "name" : "RHSA-2017:0338", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0338.html" - }, - { - "name" : "RHSA-2017:1216", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1216" - }, - { - "name" : "95488", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95488" - }, - { - "name" : "1037637", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037637" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. 
Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS v3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0338", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0338.html" + }, + { + "name": "DSA-3782", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3782" + }, + { + "name": "RHSA-2017:0176", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0176.html" + }, + { + "name": "GLSA-201701-65", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201701-65" + }, + { + "name": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/", + "refsource": "MISC", + "url": "https://erpscan.io/advisories/erpscan-17-006-oracle-openjdk-java-serialization-dos-vulnerability/" + }, + { + "name": "RHSA-2017:0180", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0180.html" + }, + { + "name": "1037637", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037637" + }, + { + "name": "GLSA-201707-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-01" + }, + { + "name": "RHSA-2017:0175", + 
"refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0175.html" + }, + { + "name": "RHSA-2017:0177", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0177.html" + }, + { + "name": "RHSA-2017:0263", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0263.html" + }, + { + "name": "RHSA-2017:1216", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1216" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20170119-0001/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20170119-0001/" + }, + { + "name": "RHSA-2017:0269", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0269.html" + }, + { + "name": "41145", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41145/" + }, + { + "name": "95488", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95488" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "RHSA-2017:0337", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0337.html" + }, + { + "name": "RHSA-2017:0336", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0336.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3587.json b/2017/3xxx/CVE-2017-3587.json index 61748317ee6..1ec8cd652d8 100644 --- a/2017/3xxx/CVE-2017-3587.json +++ b/2017/3xxx/CVE-2017-3587.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Oracle VM VirtualBox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "5.0.38" - }, - { - "version_affected" : "<", - "version_value" : "5.1.20" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Oracle VM VirtualBox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "5.0.38" + }, + { + "version_affected": "<", + "version_value": "5.1.20" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "41932", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41932/" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97750" - }, - { - "name" : "1038288", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. 
Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038288", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038288" + }, + { + "name": "41932", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41932/" + }, + { + "name": "97750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97750" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3621.json b/2017/3xxx/CVE-2017-3621.json index 97d3be92245..7a1d7be0505 100644 --- a/2017/3xxx/CVE-2017-3621.json +++ b/2017/3xxx/CVE-2017-3621.json 
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3621", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Sun ZFS Storage Appliance Kit (AK) Software", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "AK 2013" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). The supported version that is affected is AK 2013. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK)." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3621", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Sun ZFS Storage Appliance Kit (AK) Software", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "AK 2013" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97801", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97801" - }, - { - "name" : "1038292", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: IPC Frameworks). The supported version that is affected is AK 2013. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Sun ZFS Storage Appliance Kit (AK). 
Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance Kit (AK)." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038292", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038292" + }, + { + "name": "97801", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97801" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6692.json b/2017/6xxx/CVE-2017-6692.json index f18ab315099..0c8bbef7745 100644 --- a/2017/6xxx/CVE-2017-6692.json +++ b/2017/6xxx/CVE-2017-6692.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "ID" : "CVE-2017-6692",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Cisco Ultra Services Framework Element Manager",
- "version" : {
- "version_data" : [
- {
- "version_value" : "Cisco Ultra Services Framework Element Manager"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Insecure Default Account Information Vulnerability"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "ID": "CVE-2017-6692",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Cisco Ultra Services Framework Element Manager",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "Cisco Ultra Services Framework Element Manager"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6",
- "refsource" : "CONFIRM",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6"
- },
- {
- "name" : "98980",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/98980"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCvd85710. Known Affected Releases: 21.0.v0.65839."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Insecure Default Account Information Vulnerability"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6",
+ "refsource": "CONFIRM",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-usf6"
+ },
+ {
+ "name": "98980",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/98980"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6790.json b/2017/6xxx/CVE-2017-6790.json
index eb15b0cebc0..1daac6624ba 100644
--- a/2017/6xxx/CVE-2017-6790.json
+++ b/2017/6xxx/CVE-2017-6790.json
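Review bot: The `affects` block of CVE-2017-6692 is not usable for automated matching on the new side: it keeps `"vendor_name": "n/a"` although the assigner and the product are Cisco, and `"version_value"` repeats the product name while the description gives the affected release as 21.0.v0.65839. The sync only normalises whitespace and reorders references, so the gap carries over unchanged. I would set `"vendor_name": "Cisco Systems, Inc."` (the form the CVE-2017-6790 record in this same commit uses) and `"version_value": "21.0.v0.65839"`. The CVE-2017-6918 and CVE-2017-7160 hunks have the same gap, with `n/a` for vendor, product and version although their descriptions name BigTree CMS 4.2.16 and the affected Apple products. Until that is corrected, consumers that filter on `affects` rather than on the description text will likely miss these records.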
@@ -1,73 +1,73 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "psirt@cisco.com",
- "DATE_PUBLIC" : "2017-08-16T00:00:00",
- "ID" : "CVE-2017-6790",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "TelePresence Video Communication Server (VCS)",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Cisco Systems, Inc."
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "Denial of Service"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "psirt@cisco.com",
+ "DATE_PUBLIC": "2017-08-16T00:00:00",
+ "ID": "CVE-2017-6790",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "TelePresence Video Communication Server (VCS)",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Cisco Systems, Inc."
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
- "refsource" : "CISCO",
- "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
- },
- {
- "name" : "100369",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/100369"
- },
- {
- "name" : "1039185",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id/1039185"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "A vulnerability in the Session Initiation Protocol (SIP) on the Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the targeted appliance. The vulnerability is due to excessive SIP traffic sent to the device. An attacker could exploit this vulnerability by transmitting large volumes of SIP traffic to the VCS. An exploit could allow the attacker to cause a complete DoS condition on the targeted system. Cisco Bug IDs: CSCve32897."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "Denial of Service"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "100369",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/100369"
+ },
+ {
+ "name": "1039185",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id/1039185"
+ },
+ {
+ "name": "20170816 Cisco TelePresence Video Communication Server Denial of Service Vulnerability",
+ "refsource": "CISCO",
+ "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-vcs"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6918.json b/2017/6xxx/CVE-2017-6918.json
index a78b323d9a8..c36a9bdd53e 100644
--- a/2017/6xxx/CVE-2017-6918.json
+++ b/2017/6xxx/CVE-2017-6918.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-6918",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2017-6918",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf",
- "refsource" : "MISC",
- "url" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf"
- },
- {
- "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/275",
- "refsource" : "MISC",
- "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/275"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the admin/settings/update/ page. The Navigation Social can be changed."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf",
+ "refsource": "MISC",
+ "url": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf"
+ },
+ {
+ "name": "https://github.com/bigtreecms/BigTree-CMS/issues/275",
+ "refsource": "MISC",
+ "url": "https://github.com/bigtreecms/BigTree-CMS/issues/275"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/7xxx/CVE-2017-7160.json b/2017/7xxx/CVE-2017-7160.json
index 2a0d7fadfe0..916db2b4ceb 100644
--- a/2017/7xxx/CVE-2017-7160.json
+++ b/2017/7xxx/CVE-2017-7160.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7160", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7160", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208324", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208324" - }, - { - "name" : "https://support.apple.com/HT208326", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208326" - }, - { - "name" : "https://support.apple.com/HT208327", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208327" - }, - { - "name" : "https://support.apple.com/HT208328", - "refsource" : "CONFIRM", - "url" : 
"https://support.apple.com/HT208328" - }, - { - "name" : "https://support.apple.com/HT208334", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208334" - }, - { - "name" : "USN-3551-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3551-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208327", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208327" + }, + { + "name": "https://support.apple.com/HT208334", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208334" + }, + { + "name": "https://support.apple.com/HT208324", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208324" + }, + { + "name": "https://support.apple.com/HT208326", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208326" + }, + { + "name": "USN-3551-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3551-1/" + }, + { + "name": "https://support.apple.com/HT208328", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208328" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7815.json b/2017/7xxx/CVE-2017-7815.json index 19e68069952..71b1129f410 100644 --- a/2017/7xxx/CVE-2017-7815.json 
+++ b/2017/7xxx/CVE-2017-7815.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7815", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "56" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On pages containing an iframe, the \"data:\" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Spoofing attack with modal dialogs on non-e10s installations" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7815", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "56" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" - }, - { - "name" : "101057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101057" - }, - { - "name" : "1039465", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039465" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On pages containing an iframe, the \"data:\" protocol can be used to create a modal dialog through Javascript that will have an arbitrary domains as the dialog's location, spoofing of the origin of the modal dialog from the user view. Note: This attack only affects installations with e10 multiprocess turned off. Installations with e10s turned on do not support the modal dialog functionality. This vulnerability affects Firefox < 56." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Spoofing attack with modal dialogs on non-e10s installations" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039465" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368981" + }, + { + "name": "101057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101057" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7816.json b/2017/7xxx/CVE-2017-7816.json index 809185b0efa..49bf0f5cd03 100644 --- a/2017/7xxx/CVE-2017-7816.json +++ b/2017/7xxx/CVE-2017-7816.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "56" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebExtensions could use popups and panels in the extension UI to load an \"about:\" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "WebExtensions can load about: URLs in extension UI" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "56" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/" - }, - { - "name" : "101057", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101057" - }, - { - "name" : "1039465", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039465" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebExtensions could use popups and panels in the extension UI to load an \"about:\" privileged URL, violating security checks that disallow this behavior. This vulnerability affects Firefox < 56." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "WebExtensions can load about: URLs in extension UI" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039465", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039465" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1380597" + }, + { + "name": "101057", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101057" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7981.json b/2017/7xxx/CVE-2017-7981.json index 6c33cf25fb5..ea05753a36a 100644 --- a/2017/7xxx/CVE-2017-7981.json +++ b/2017/7xxx/CVE-2017-7981.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7981", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an authenticated Tuleap user can control this value, even with shell metacharacters, as demonstrated by a '