diff --git a/2002/1xxx/CVE-2002-1583.json b/2002/1xxx/CVE-2002-1583.json index a7967d67253..b216d9054bf 100644 --- a/2002/1xxx/CVE-2002-1583.json +++ b/2002/1xxx/CVE-2002-1583.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1583", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1583", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MSS-OAR-E01-2002:318.1", - "refsource" : "IBM", - "url" : "http://www.securitytracker.com/alerts/2002/May/1004352.html" - }, - { - "name" : "4817", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4817" - }, - { - "name" : "ibm-db2-db2ckpw-bo(9078)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9078.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4817", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4817" + }, + { + "name": "MSS-OAR-E01-2002:318.1", + "refsource": "IBM", + "url": "http://www.securitytracker.com/alerts/2002/May/1004352.html" + }, + { + "name": "ibm-db2-db2ckpw-bo(9078)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9078.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1926.json b/2002/1xxx/CVE-2002-1926.json index 16313e28596..b8c53a6308f 100644 --- a/2002/1xxx/CVE-2002-1926.json +++ b/2002/1xxx/CVE-2002-1926.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1926", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1926", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020821 bugtraq@security.nnov.ru list issues [2]", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html" - }, - { - "name" : "5533", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5533" - }, - { - "name" : "aquonics-filemanager-directory-traversal(9929)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9929.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020821 bugtraq@security.nnov.ru list issues [2]", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html" + }, + { + "name": "5533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5533" + }, + { + "name": "aquonics-filemanager-directory-traversal(9929)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9929.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0100.json b/2003/0xxx/CVE-2003-0100.json index c4eff81e955..c2c6e4fd1ad 100644 --- a/2003/0xxx/CVE-2003-0100.json +++ b/2003/0xxx/CVE-2003-0100.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030220 Cisco IOS OSPF exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104576100719090&w=2" - }, - { - "name" : "20030221 Re: Cisco IOS OSPF exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104587206702715&w=2" - }, - { - "name" : "6895", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6895" - }, - { - "name" : "cisco-ios-ospf-bo(11373)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11373.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers 
to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030221 Re: Cisco IOS OSPF exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104587206702715&w=2" + }, + { + "name": "cisco-ios-ospf-bo(11373)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11373.php" + }, + { + "name": "20030220 Cisco IOS OSPF exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104576100719090&w=2" + }, + { + "name": "6895", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6895" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0210.json b/2003/0xxx/CVE-2003-0210.json index 1c03b742b10..0a29ef47543 100644 --- a/2003/0xxx/CVE-2003-0210.json +++ b/2003/0xxx/CVE-2003-0210.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0210", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0210", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105120066126196&w=2" - }, - { - "name" : "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105118056332344&w=2" - }, - { - "name" : "20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml" - }, - { - "name" : "VU#697049", - "refsource" : 
"CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/697049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port 2002." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105118056332344&w=2" + }, + { + "name": "20030424 NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105120066126196&w=2" + }, + { + "name": "20030423 Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030423-ACS.shtml" + }, + { + "name": "VU#697049", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/697049" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0227.json b/2003/0xxx/CVE-2003-0227.json index 049602906b7..65b7f791c17 100644 --- a/2003/0xxx/CVE-2003-0227.json +++ b/2003/0xxx/CVE-2003-0227.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0227", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0227", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030528 MS03-019: DoS or Code of Choice", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105421176432011&w=2" - }, - { - "name" : "20030528 Re: Alert: MS03-019, Microsoft... wrong, again.", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105421127531558&w=2" - }, - { - "name" : "20030528 RE: Alert: MS03-019, Microsoft... 
wrong, again.", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105427615626177&w=2" - }, - { - "name" : "MS03-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-019" - }, - { - "name" : "oval:org.mitre.oval:def:936", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A936" - }, - { - "name" : "oval:org.mitre.oval:def:966", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:966", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A966" + }, + { + "name": "20030528 RE: Alert: MS03-019, Microsoft... wrong, again.", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105427615626177&w=2" + }, + { + "name": "MS03-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-019" + }, + { + "name": "20030528 MS03-019: DoS or Code of Choice", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105421176432011&w=2" + }, + { + "name": "20030528 Re: Alert: MS03-019, Microsoft... 
wrong, again.", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105421127531558&w=2" + }, + { + "name": "oval:org.mitre.oval:def:936", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A936" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0373.json b/2003/0xxx/CVE-2003-0373.json index 00563454cd1..2ef1bb13d2b 100644 --- a/2003/0xxx/CVE-2003-0373.json +++ b/2003/0xxx/CVE-2003-0373.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030522 Potential security vulnerability in Nessus", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105364059803427&w=2" - }, - { - "name" : "20030523 nessus NASL scripting engine security issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105369506714849&w=2" - }, - { - "name" : "7664", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7664" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code via (1) a long proto argument to the scanner_add_port function, (2) a long user argument to the ftp_log_in function, (3) a long pass argument to the ftp_log_in function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030522 Potential security vulnerability in Nessus", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105364059803427&w=2" + }, + { + "name": "20030523 nessus NASL scripting engine security issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105369506714849&w=2" + }, + { + "name": "7664", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7664" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1362.json b/2003/1xxx/CVE-2003-1362.json index 2793e4df17c..90bcfa6c87a 100644 --- a/2003/1xxx/CVE-2003-1362.json +++ b/2003/1xxx/CVE-2003-1362.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1362", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which could allow remote attackers to verify the existence of system users and expand defined sendmail aliases." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1362", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBUX0302-245", - "refsource" : "HP", - "url" : "http://archives.neohapsis.com/archives/hp/2003-q1/0033.html" - }, - { - "name" : "hp-bastille-info-disclosure(11366)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11366" - }, - { - "name" : "6878", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6878" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configure the (1) NOVRFY and (2) NOEXPN options in the sendmail.cf file, which 
could allow remote attackers to verify the existence of system users and expand defined sendmail aliases." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "HPSBUX0302-245", + "refsource": "HP", + "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0033.html" + }, + { + "name": "hp-bastille-info-disclosure(11366)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11366" + }, + { + "name": "6878", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6878" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1406.json b/2003/1xxx/CVE-2003-1406.json index 01658d0382c..2cd68442d07 100644 --- a/2003/1xxx/CVE-2003-1406.json +++ b/2003/1xxx/CVE-2003-1406.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1406", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1406", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030216 D-Forum (PHP)", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0072.html" - }, - { - "name" : "6879", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6879" - }, - { - "name" : "dform-header-file-include(11342)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11342" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) 
my_header parameter to header.php3 or (2) my_footer parameter to footer.php3." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030216 D-Forum (PHP)", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0072.html" + }, + { + "name": "6879", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6879" + }, + { + "name": "dform-header-file-include(11342)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11342" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1521.json b/2003/1xxx/CVE-2003-1521.json index 504d3376e9a..0e2d6bff5ad 100644 --- a/2003/1xxx/CVE-2003-1521.json +++ b/2003/1xxx/CVE-2003-1521.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031021 IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/341943" - }, - { - "name" : "8867", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8867" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8867", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8867" + }, + { + "name": "20031021 IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/341943" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2059.json b/2004/2xxx/CVE-2004-2059.json index d0daf3ab43f..81e3b11c3f8 100644 --- a/2004/2xxx/CVE-2004-2059.json +++ b/2004/2xxx/CVE-2004-2059.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2059", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2059", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040726 ASPRunner Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=109086977330418&w=2" - }, - { - "name" : "20040726 ASPRunner Multiple Vulnerabilities", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html" - }, - { - "name" : "http://ferruh.mavituna.com/article/?574", - "refsource" : "MISC", - "url" : "http://ferruh.mavituna.com/article/?574" - }, - { - "name" : "10799", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10799" - }, - { - "name" : "8254", - "refsource" : "OSVDB", - "url" : 
"http://www.osvdb.org/8254" - }, - { - "name" : "8255", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8255" - }, - { - "name" : "8256", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8256" - }, - { - "name" : "8257", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8257" - }, - { - "name" : "1010777", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1010777" - }, - { - "name" : "12164", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12164" - }, - { - "name" : "asprunner-xss(16801)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "asprunner-xss(16801)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16801" + }, + { + "name": "http://ferruh.mavituna.com/article/?574", + "refsource": "MISC", + "url": "http://ferruh.mavituna.com/article/?574" + }, + { + "name": "8256", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8256" + }, + { + "name": "12164", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12164" + }, + { + "name": "20040726 ASPRunner Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=109086977330418&w=2" + }, + { + "name": "8255", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8255" + }, + { + "name": "1010777", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1010777" + }, + { + "name": "20040726 ASPRunner Multiple Vulnerabilities", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0011.html" + }, + { + "name": "10799", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10799" + }, + { + "name": "8254", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8254" + }, + { + "name": "8257", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8257" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2394.json b/2004/2xxx/CVE-2004-2394.json index b9f3b0a3836..b3d0802d4af 100644 --- a/2004/2xxx/CVE-2004-2394.json +++ b/2004/2xxx/CVE-2004-2394.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2394", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2394", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MDKSA-2004:045", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:045" - }, - { - "name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060" - }, - { - "name" : "10370", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10370" - }, - { - "name" : "passwd-stdin-offbyone-bo(16178)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16178" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10370", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10370" + }, + { + "name": "MDKSA-2004:045", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:045" + }, + { + "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060", + "refsource": "CONFIRM", + "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060" + }, + { + "name": "passwd-stdin-offbyone-bo(16178)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16178" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2597.json b/2004/2xxx/CVE-2004-2597.json index bcb1ddfb001..7019d9cc331 100644 --- a/2004/2xxx/CVE-2004-2597.json +++ b/2004/2xxx/CVE-2004-2597.json 
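Review bot: The rewritten CVE-2004-2394.json ends without a trailing newline: the closing `+}` is followed by `\ No newline at end of file`, while the removed `-}` carries no such marker. The serializer should write a final `\n` after the closing `}`, because line-oriented tools and later appends to these records expect one. The same marker appears in the CVE-2004-2597, CVE-2004-2691, CVE-2008-2375, CVE-2008-2594, CVE-2008-2883, CVE-2008-2955 and CVE-2012-0422 hunks. Separately, the `reference_data` entries here are the same four as before in a different order that does not look sorted; emitting them in a stable order (for example by `refsource`, then `name`) would keep later diffs limited to real content changes.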
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2597", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an \"ip\" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2597", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20041027 Multiple Vulnerabilites in Quake II Server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html" - }, - { - "name" : "http://secur1ty.net/advisories/001", - "refsource" : "MISC", - "url" : "http://secur1ty.net/advisories/001" - }, - { - "name" : "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/", - "refsource" : "CONFIRM", - "url" : "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/" - }, - { - "name" : "11551", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11551" - 
}, - { - "name" : "11186", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11186" - }, - { - "name" : "1011979", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011979" - }, - { - "name" : "13013", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13013" - }, - { - "name" : "quake-ip-spoofing(17895)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17895" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an \"ip\" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/", + "refsource": "CONFIRM", + "url": "http://web.archive.org/web/20041130092749/www.r1ch.net/stuff/r1q2/" + }, + { + "name": "1011979", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011979" + }, + { + "name": "11551", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11551" + }, + { + "name": "11186", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11186" + }, + { + "name": "13013", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13013" + }, + { + "name": "http://secur1ty.net/advisories/001", + "refsource": "MISC", + "url": "http://secur1ty.net/advisories/001" + }, + { + "name": "quake-ip-spoofing(17895)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17895" + }, + { + 
"name": "20041027 Multiple Vulnerabilites in Quake II Server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2004-10/0299.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2691.json b/2004/2xxx/CVE-2004-2691.json index 760d3143a8a..db3d28381a9 100644 --- a/2004/2xxx/CVE-2004-2691.json +++ b/2004/2xxx/CVE-2004-2691.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "7246", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7246" - }, - { - "name" : "11934", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11934" - }, - { - "name" : "3com-superstack-mngmt-dos(16497)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16497" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote 
attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3com-superstack-mngmt-dos(16497)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16497" + }, + { + "name": "7246", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7246" + }, + { + "name": "11934", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11934" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2375.json b/2008/2xxx/CVE-2008-2375.json index 134c2c32d85..808f1bc4da4 100644 --- a/2008/2xxx/CVE-2008-2375.json +++ b/2008/2xxx/CVE-2008-2375.json 
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2375", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2375", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080708 rPSA-2008-0217-1 vsftpd", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/494081/100/0/threaded" - }, - { - "name" : "[oss-security] 20080630 CVE-2008-2375 older vsftpd authentication memory leak", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/06/30/2" - }, - { - "name" : "https://bugzilla.redhat.com/attachment.cgi?id=201051", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/attachment.cgi?id=201051" - }, - { - "name" : "https://issues.rpath.com/browse/RPL-2640", - "refsource" : "CONFIRM", - 
"url" : "https://issues.rpath.com/browse/RPL-2640" - }, - { - "name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0217", - "refsource" : "CONFIRM", - "url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0217" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm" - }, - { - "name" : "RHSA-2008:0579", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0579.html" - }, - { - "name" : "RHSA-2008:0680", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-0680.html" - }, - { - "name" : "30364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30364" - }, - { - "name" : "oval:org.mitre.oval:def:10138", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10138" - }, - { - "name" : "ADV-2008-2820", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2820" - }, - { - "name" : "1020546", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020546" - }, - { - "name" : "31007", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31007" - }, - { - "name" : "31223", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31223" - }, - { - "name" : "32263", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32263" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2820", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2820" + }, + { + "name": "30364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30364" + }, + { + "name": "RHSA-2008:0680", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0680.html" + }, + { + "name": "oval:org.mitre.oval:def:10138", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10138" + }, + { + "name": "https://bugzilla.redhat.com/attachment.cgi?id=201051", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/attachment.cgi?id=201051" + }, + { + "name": "RHSA-2008:0579", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-0579.html" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-398.htm" + }, + { + "name": "31223", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31223" + }, + { + "name": "http://wiki.rpath.com/Advisories:rPSA-2008-0217", + "refsource": "CONFIRM", + "url": "http://wiki.rpath.com/Advisories:rPSA-2008-0217" + }, + { + "name": "31007", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31007" + }, + { + "name": "https://issues.rpath.com/browse/RPL-2640", + "refsource": "CONFIRM", + "url": "https://issues.rpath.com/browse/RPL-2640" + }, + { + "name": "1020546", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020546" + }, + { + "name": "32263", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32263" + }, + { + "name": "20080708 rPSA-2008-0217-1 vsftpd", + "refsource": "BUGTRAQ", + "url": 
"http://www.securityfocus.com/archive/1/494081/100/0/threaded" + }, + { + "name": "[oss-security] 20080630 CVE-2008-2375 older vsftpd authentication memory leak", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/06/30/2" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2594.json b/2008/2xxx/CVE-2008-2594.json index 87a9ac5c35b..c9e35ca5de8 100644 --- a/2008/2xxx/CVE-2008-2594.json +++ b/2008/2xxx/CVE-2008-2594.json 
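Review bot: The `ASSIGNER` value at the top of this hunk changes from `cve@mitre.org` to `"ASSIGNER": "secalert@redhat.com",`, a change to the record's provenance that sits inside what otherwise reads as a spacing and ordering rewrite. Anything that groups, filters or trusts records by assigning CNA will treat CVE-2008-2375 differently after this commit. The reassignment should be named in the commit description or carried in its own commit, so it can be reviewed and audited apart from the formatting churn. The CVE-2008-2955 hunk makes the same `ASSIGNER` change. As far as the visible lines show, the rest of this hunk is the same reference set in a new order.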
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2594", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2594", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : 
"http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020494", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020494" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "1020494", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020494" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + 
] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2883.json b/2008/2xxx/CVE-2008-2883.json index 74a745ff200..7697127d87b 100644 --- a/2008/2xxx/CVE-2008-2883.json +++ b/2008/2xxx/CVE-2008-2883.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2883", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2883", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5876", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5876" - }, - { - "name" : "http://www.jamroom.net/", - "refsource" : "CONFIRM", - "url" : "http://www.jamroom.net/" - }, - { - "name" : "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1130", - "refsource" : "CONFIRM", - "url" : "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1130" - }, - { - "name" : "30806", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30806" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "PHP remote file inclusion vulnerability in include/plugins/jrBrowser/payment.php in Jamroom 3.3.0 through 3.3.5 allows remote attackers to execute arbitrary PHP code via a URL in the jamroom[jm_dir] parameter. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1130", + "refsource": "CONFIRM", + "url": "http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1130" + }, + { + "name": "30806", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30806" + }, + { + "name": "5876", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5876" + }, + { + "name": "http://www.jamroom.net/", + "refsource": "CONFIRM", + "url": "http://www.jamroom.net/" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2955.json b/2008/2xxx/CVE-2008-2955.json index 9d32b6ca834..a9f82d3dcbe 100644 --- a/2008/2xxx/CVE-2008-2955.json +++ b/2008/2xxx/CVE-2008-2955.json 
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2955", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2008-2955", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080626 Pidgin 2.4.1 Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493682/100/0/threaded" - }, - { - "name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm", - "refsource" : "CONFIRM", - "url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" - }, - { - "name" : "MDVSA-2009:025", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" - }, - { - "name" : "RHSA-2008:1023", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2008-1023.html" - }, - { - "name" : "USN-675-1", - "refsource" : "UBUNTU", - "url" : 
"http://www.ubuntu.com/usn/USN-675-1" - }, - { - "name" : "29985", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29985" - }, - { - "name" : "oval:org.mitre.oval:def:10131", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131" - }, - { - "name" : "oval:org.mitre.oval:def:18050", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050" - }, - { - "name" : "32859", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/32859" - }, - { - "name" : "ADV-2008-1947", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1947" - }, - { - "name" : "30881", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30881" - }, - { - "name" : "33102", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/33102" - }, - { - "name" : "3966", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3966" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-1947", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1947" + }, + { + "name": "3966", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3966" + }, + { + "name": "oval:org.mitre.oval:def:18050", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18050" + }, + { + "name": "MDVSA-2009:025", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:025" + }, + { + "name": "29985", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29985" + }, + { + "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm", + "refsource": "CONFIRM", + "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-493.htm" + }, + { + "name": "33102", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/33102" + }, + { + "name": "20080626 Pidgin 2.4.1 Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493682/100/0/threaded" + }, + { + "name": "USN-675-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-675-1" + }, + { + "name": "32859", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/32859" + }, + { + "name": "oval:org.mitre.oval:def:10131", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10131" + }, + { + "name": "30881", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30881" + }, + { + "name": "RHSA-2008:1023", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2008-1023.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/0xxx/CVE-2012-0422.json b/2012/0xxx/CVE-2012-0422.json
index b701415c7ea..f5f9bdb529b 100644
--- a/2012/0xxx/CVE-2012-0422.json
+++ b/2012/0xxx/CVE-2012-0422.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0422",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-0422",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1007.json b/2012/1xxx/CVE-2012-1007.json
index 34559a63880..6d0441211b8 100644
--- a/2012/1xxx/CVE-2012-1007.json
+++ b/2012/1xxx/CVE-2012-1007.json
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt" - }, - { - "name" : "http://secpod.org/blog/?p=450", - "refsource" : "MISC", - "url" : "http://secpod.org/blog/?p=450" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" - }, - { - "name" : 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" - }, - { - "name" : "51900", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51900" - }, - { - "name" : "apache-struts-name-xss(73052)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73052" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secpod.org/blog/?p=450", + "refsource": "MISC", + "url": "http://secpod.org/blog/?p=450" + }, + { + "name": "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" + }, + { + "name": "apache-struts-name-xss(73052)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73052" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", + "refsource": "CONFIRM", + "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" + }, + { + "name": "51900", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51900" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1086.json b/2012/1xxx/CVE-2012-1086.json index 2a5cc33202d..c8d1bc305e3 100644 --- a/2012/1xxx/CVE-2012-1086.json +++ b/2012/1xxx/CVE-2012-1086.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1086", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1086", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", - "refsource" : "MISC", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" - }, - { - "name" : "51855", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51855" - }, - { - "name" : "78801", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78801" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via 
unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/", + "refsource": "MISC", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/" + }, + { + "name": "78801", + "refsource": "OSVDB", + "url": "http://osvdb.org/78801" + }, + { + "name": "51855", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51855" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1125.json b/2012/1xxx/CVE-2012-1125.json index cbb67c05dc8..6a0e2823ed3 100644 --- a/2012/1xxx/CVE-2012-1125.json +++ b/2012/1xxx/CVE-2012-1125.json 
@@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120123 Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html" - }, - { - "name" : "18412", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18412" - }, - { - "name" : "[oss-security] 20120306 CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/3" - }, - { - "name" : "[oss-security] 
20120306 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/11" - }, - { - "name" : "[oss-security] 20120308 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/08/1" - }, - { - "name" : "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt", - "refsource" : "CONFIRM", - "url" : "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt" - }, - { - "name" : "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php" - }, - { - "name" : "51638", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51638" - }, - { - "name" : "78479", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/78479" - }, - { - "name" : "47688", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47688" - }, - { - "name" : "wp-kishguest-uploadify-file-upload(79563)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79563" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unrestricted file upload vulnerability in uploadify/scripts/uploadify.php in the Kish Guest Posting plugin before 1.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with a PHP extension, then accessing it via a direct request to the file in the directory specified by the folder parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47688", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47688" + }, + { + "name": "[oss-security] 20120308 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/08/1" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/403694/kish-guest-posting/trunk/uploadify/scripts/uploadify.php" + }, + { + "name": "[oss-security] 20120306 Re: CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/11" + }, + { + "name": "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt", + "refsource": "CONFIRM", + "url": "http://plugins.svn.wordpress.org/kish-guest-posting/trunk/readme.txt" + }, + { + "name": "wp-kishguest-uploadify-file-upload(79563)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79563" + }, + { + "name": "[oss-security] 20120306 CVE-request: Kish Guest Posting Plugin for WordPress File Upload Remote PHP Code Execution", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/3" + }, + { + "name": "51638", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51638" + }, + { + "name": "20120123 Wordpress Kish Guest Posting Plugin 1.0 (uploadify.php) Unrestricted File Upload Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0145.html" + }, + { + "name": "18412", + "refsource": "EXPLOIT-DB", + "url": 
"http://www.exploit-db.com/exploits/18412" + }, + { + "name": "78479", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/78479" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1347.json b/2012/1xxx/CVE-2012-1347.json index 7c201da108e..281b730ba8b 100644 --- a/2012/1xxx/CVE-2012-1347.json +++ b/2012/1xxx/CVE-2012-1347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1347", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1347", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1789.json b/2012/1xxx/CVE-2012-1789.json index 87565b87a7b..8af8a3c29a0 100644 --- a/2012/1xxx/CVE-2012-1789.json +++ b/2012/1xxx/CVE-2012-1789.json 
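Review bot: The CVE-2012-1125 hunk changes `"ASSIGNER"` from `cve@mitre.org` to `secalert@redhat.com`, a provenance change buried in what otherwise reads as a spacing and reference-order rewrite; the ID, state, description and the eleven references appear unchanged apart from order. The same happens in the CVE-2012-5118 hunk (`security@google.com`) and the CVE-2012-5937 hunk (`psirt@us.ibm.com`). Consumers that attribute a record to a CNA by this field, or that alert on metadata changes, will see ownership move with no stated reason. The commit message is not in view here; if it does not already say so, I would name the reassigned IDs there or land the reassignment separately from the formatting pass.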
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1789", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php; or (3) groupdescription or (4) groupname parameters to modules/groups/addgroupform.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1789", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120224 Kongreg8 1.7.3 Mutiple XSS", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0154.html" - }, - { - "name" : "52178", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52178" - }, - { - "name" : "kongreg8-multiple-xss(73510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 
1.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) surname or (2) firstname parameters to modules/members/addmember.php; or (3) groupdescription or (4) groupname parameters to modules/groups/addgroupform.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "kongreg8-multiple-xss(73510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73510" + }, + { + "name": "20120224 Kongreg8 1.7.3 Mutiple XSS", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0154.html" + }, + { + "name": "52178", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52178" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5118.json b/2012/5xxx/CVE-2012-5118.json index 3805be7be7a..08b13109d82 100644 --- a/2012/5xxx/CVE-2012-5118.json +++ b/2012/5xxx/CVE-2012-5118.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@google.com", + "ID": "CVE-2012-5118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", - "refsource" : "CONFIRM", - "url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" - }, - { - "name" : "https://code.google.com/p/chromium/issues/detail?id=149717", - "refsource" : "CONFIRM", - "url" : "https://code.google.com/p/chromium/issues/detail?id=149717" - }, - { - "name" : "56413", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56413" - }, - { - "name" : "87074", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87074" - }, - { - "name" : "chrome-cve20125118-code-exec(79865)", - 
"refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Google Chrome before 23.0.1271.64 on Mac OS X does not properly validate an integer value during the handling of GPU command buffers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56413", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56413" + }, + { + "name": "87074", + "refsource": "OSVDB", + "url": "http://osvdb.org/87074" + }, + { + "name": "chrome-cve20125118-code-exec(79865)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79865" + }, + { + "name": "https://code.google.com/p/chromium/issues/detail?id=149717", + "refsource": "CONFIRM", + "url": "https://code.google.com/p/chromium/issues/detail?id=149717" + }, + { + "name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html", + "refsource": "CONFIRM", + "url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-release-and-beta-channel.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5348.json b/2012/5xxx/CVE-2012-5348.json index 4d0e156fe00..cefb15d9015 100644 --- a/2012/5xxx/CVE-2012-5348.json +++ b/2012/5xxx/CVE-2012-5348.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5348", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5348", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18335", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18335" - }, - { - "name" : "51314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51314" - }, - { - "name" : "47468", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47468" - }, - { - "name" : "mangosweb-index-sql-injection(72231)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72231" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login 
parameter in a login action to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18335", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18335" + }, + { + "name": "51314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51314" + }, + { + "name": "mangosweb-index-sql-injection(72231)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72231" + }, + { + "name": "47468", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47468" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5592.json b/2012/5xxx/CVE-2012-5592.json index 494df253b5c..c85416b7c5d 100644 --- a/2012/5xxx/CVE-2012-5592.json +++ b/2012/5xxx/CVE-2012-5592.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5592", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-5592", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6052. Reason: This candidate is a reservation duplicate of CVE-2012-6052. Notes: All CVE users should reference CVE-2012-6052 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5937.json b/2012/5xxx/CVE-2012-5937.json index 0b0eeb4f2c5..7e650d7775b 100644 --- a/2012/5xxx/CVE-2012-5937.json +++ b/2012/5xxx/CVE-2012-5937.json 
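Review bot: The new side of CVE-2012-5592 is serialized in a different key order from every other record in this diff: it opens with `"data_type"`, `"data_format"`, `"data_version"` and puts `"ID"` before `"ASSIGNER"` inside `CVE_data_meta`, where the other files keep `CVE_data_meta` first with `ASSIGNER`, `ID`, `STATE`. Key order carries no meaning in JSON, but an unstable layout produces spurious diffs and breaks any change detection or integrity check that hashes the file bytes rather than a canonical form. I would emit all records through one serializer with sorted keys. Each rewritten file in this diff also ends with `\ No newline at end of file`, so the same pass should restore the trailing newline.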
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21633925", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21633925" - }, - { - "name" : "IC85189", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189" - }, - { - "name" : "sterling-b2b-command-execution(80403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sterling-b2b-command-execution(80403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80403" + }, + { + "name": "IC85189", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC85189" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21633925", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21633925" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11572.json b/2017/11xxx/CVE-2017-11572.json index dd21637f135..beefabbaf61 100644 --- a/2017/11xxx/CVE-2017-11572.json +++ b/2017/11xxx/CVE-2017-11572.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/fontforge/fontforge/issues/3092", - "refsource" : "MISC", - "url" : "https://github.com/fontforge/fontforge/issues/3092" - }, - { - "name" : "DSA-3958", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3958" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FontForge 20161012 is vulnerable to a heap-based buffer over-read in readcfftopdicts (parsettf.c) resulting in DoS or code execution via a crafted otf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3958", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3958" + }, + { + "name": "https://github.com/fontforge/fontforge/issues/3092", + "refsource": "MISC", + "url": "https://github.com/fontforge/fontforge/issues/3092" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3455.json b/2017/3xxx/CVE-2017-3455.json index 97fc73edd60..5651a765f47 100644 --- a/2017/3xxx/CVE-2017-3455.json +++ b/2017/3xxx/CVE-2017-3455.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3455", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.17 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3455", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.17 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "97820", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97820" - }, - { - "name" : "1038287", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038287" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.17 and earlier. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038287", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038287" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97820", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97820" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3722.json b/2017/3xxx/CVE-2017-3722.json index 4a6a2dd1f71..a209089018e 100644 --- a/2017/3xxx/CVE-2017-3722.json +++ b/2017/3xxx/CVE-2017-3722.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3722", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-3722", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3810.json b/2017/3xxx/CVE-2017-3810.json index 47b8d9204f4..7186fa7855c 100644 --- a/2017/3xxx/CVE-2017-3810.json +++ b/2017/3xxx/CVE-2017-3810.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3810", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Prime Service Catalog 10.0_R2_tanggula", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Prime Service Catalog 10.0_R2_tanggula" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "web URL redirect attack" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3810", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Prime Service Catalog 10.0_R2_tanggula", + "version": { + "version_data": [ + { + "version_value": "Cisco Prime Service Catalog 10.0_R2_tanggula" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc" - }, - { - "name" : "95947", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95947" - }, - { - "name" : "1037772", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037772" - } - ] - } -} + } + 
}, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a web URL redirect attack against a user who is logged in to an affected system. More Information: CSCvb21745. Known Affected Releases: 10.0_R2_tanggula." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "web URL redirect attack" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95947", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95947" + }, + { + "name": "1037772", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037772" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-psc" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6816.json b/2017/6xxx/CVE-2017-6816.json index bce3921df92..e120488adde 100644 --- a/2017/6xxx/CVE-2017-6816.json +++ b/2017/6xxx/CVE-2017-6816.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6816", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6816", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://codex.wordpress.org/Version_4.7.3", - "refsource" : "MISC", - "url" : "https://codex.wordpress.org/Version_4.7.3" - }, - { - "name" : "https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663", - "refsource" : "MISC", - "url" : "https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663" - }, - { - "name" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/", - "refsource" : "MISC", - "url" : "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" - }, - { - "name" : "https://wpvulndb.com/vulnerabilities/8767", - "refsource" : "MISC", - "url" : "https://wpvulndb.com/vulnerabilities/8767" - }, - { - "name" : "DSA-3815", - "refsource" : "DEBIAN", - 
"url" : "http://www.debian.org/security/2017/dsa-3815" - }, - { - "name" : "96598", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96598" - }, - { - "name" : "1037959", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can be deleted by administrators using the plugin deletion functionality." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037959", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037959" + }, + { + "name": "DSA-3815", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3815" + }, + { + "name": "https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663", + "refsource": "MISC", + "url": "https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663" + }, + { + "name": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/", + "refsource": "MISC", + "url": "https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/" + }, + { + "name": "https://wpvulndb.com/vulnerabilities/8767", + "refsource": "MISC", + "url": "https://wpvulndb.com/vulnerabilities/8767" + }, + { + "name": "https://codex.wordpress.org/Version_4.7.3", + "refsource": "MISC", + "url": "https://codex.wordpress.org/Version_4.7.3" + }, + { + "name": "96598", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96598" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7679.json b/2017/7xxx/CVE-2017-7679.json index 1fbfc7daed2..af463f3ebe9 100644 
--- a/2017/7xxx/CVE-2017-7679.json +++ b/2017/7xxx/CVE-2017-7679.json 
@@ -1,165 +1,165 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "ID" : "CVE-2017-7679", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache HTTP Server", - "version" : { - "version_data" : [ - { - "version_value" : "2.2.0 to 2.2.32" - }, - { - "version_value" : "2.4.0 to 2.4.25" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Overread (CWE-126)" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "ID": "CVE-2017-7679", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.2.0 to 2.2.32" + }, + { + "version_value": "2.4.0 to 2.4.25" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[dev] 20170619 CVE-2017-7679: mod_mime buffer overread", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E" - }, - { - "name" : "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679", - "refsource" : "MISC", - "url" : "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679" - }, - { - "name" : "https://www.nomachine.com/SU08O00185", - "refsource" : "CONFIRM", - "url" : 
"https://www.nomachine.com/SU08O00185" - }, - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" - }, - { - "name" : "https://support.apple.com/HT208221", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208221" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20180601-0002/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20180601-0002/" - }, - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us" - }, - { - "name" : "DSA-3896", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3896" - }, - { - "name" : "GLSA-201710-32", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-32" - }, - { - "name" : "RHSA-2017:3193", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3193" - }, - { - "name" : "RHSA-2017:3194", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3194" - }, - { - "name" : "RHSA-2017:3195", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3195" - }, - { - "name" : "RHSA-2017:3475", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3475" - }, - { - "name" : "RHSA-2017:3476", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:3476" - }, - { - "name" : "RHSA-2017:3477", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:3477" - }, - { - "name" : "RHSA-2017:2478", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2478" - }, - { - "name" : "RHSA-2017:2479", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2479" - }, - { - "name" : "RHSA-2017:2483", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2483" - }, - { - "name" : "99170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99170" - }, - { - "name" : "1038711", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Overread (CWE-126)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208221", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208221" + }, + { + "name": "RHSA-2017:2479", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2479" + }, + { + "name": "RHSA-2017:2483", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2483" + }, + { + "name": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679", + "refsource": "MISC", + "url": "https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679" + }, + { + "name": "https://security.netapp.com/advisory/ntap-20180601-0002/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20180601-0002/" + }, + { + "name": "https://www.nomachine.com/SU08O00185", + "refsource": "CONFIRM", + "url": 
"https://www.nomachine.com/SU08O00185" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us" + }, + { + "name": "RHSA-2017:3475", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3475" + }, + { + "name": "[dev] 20170619 CVE-2017-7679: mod_mime buffer overread", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751@%3Cdev.httpd.apache.org%3E" + }, + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us" + }, + { + "name": "RHSA-2017:3195", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3195" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" + }, + { + "name": "99170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99170" + }, + { + "name": "RHSA-2017:3476", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3476" + }, + { + "name": "RHSA-2017:3477", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3477" + }, + { + "name": "DSA-3896", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3896" + }, + { + "name": "RHSA-2017:3194", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3194" + }, + { + "name": "RHSA-2017:3193", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:3193" + }, + { + "name": "1038711", + "refsource": "SECTRACK", + "url": 
"http://www.securitytracker.com/id/1038711" + }, + { + "name": "GLSA-201710-32", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-32" + }, + { + "name": "RHSA-2017:2478", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2478" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7875.json b/2017/7xxx/CVE-2017-7875.json index b0892ba6414..438af18caaf 100644 --- a/2017/7xxx/CVE-2017-7875.json +++ b/2017/7xxx/CVE-2017-7875.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7875", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7875", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://feh.finalrewind.org/", - "refsource" : "CONFIRM", - "url" : "https://feh.finalrewind.org/" - }, - { - "name" : "https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d", - "refsource" : "CONFIRM", - "url" : "https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d" - }, - { - "name" : "GLSA-201707-08", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-08" - }, - { - "name" : "97689", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97689" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": 
[ + { + "lang": "eng", + "value": "In wallpaper.c in feh before v2.18.3, if a malicious client pretends to be the E17 window manager, it is possible to trigger an out-of-boundary heap write while receiving an IPC message. An integer overflow leads to a buffer overflow and/or a double free." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201707-08", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-08" + }, + { + "name": "https://feh.finalrewind.org/", + "refsource": "CONFIRM", + "url": "https://feh.finalrewind.org/" + }, + { + "name": "97689", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97689" + }, + { + "name": "https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d", + "refsource": "CONFIRM", + "url": "https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8185.json b/2017/8xxx/CVE-2017-8185.json index c3ba2428e90..5867a8ebd3d 100644 --- a/2017/8xxx/CVE-2017-8185.json +++ b/2017/8xxx/CVE-2017-8185.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8185", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ME906s-158", - "version" : { - "version_data" : [ - { - "version_value" : "Earlier than ME906S_Installer_13.1805.10.3 versions" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Privilege Escalation" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8185", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ME906s-158", + "version": { + "version_data": [ + { + "version_value": "Earlier than ME906S_Installer_13.1805.10.3 versions" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a privilege elevation vulnerability. An attacker could exploit this vulnerability to modify the configuration information containing malicious files and trick users into executing the files, resulting in the execution of arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Privilege Escalation" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170927-01-me906s-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8364.json b/2017/8xxx/CVE-2017-8364.json index db8c9fc2de2..241394c2b49 100644 --- a/2017/8xxx/CVE-2017-8364.json +++ b/2017/8xxx/CVE-2017-8364.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The read_buf function in stream.c in rzip 2.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted archive." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8437.json b/2017/8xxx/CVE-2017-8437.json index 90f1ebb4a66..3e47e37b089 100644 --- a/2017/8xxx/CVE-2017-8437.json +++ b/2017/8xxx/CVE-2017-8437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8862.json b/2017/8xxx/CVE-2017-8862.json index 8e8682aca14..1635d89b100 100644 --- a/2017/8xxx/CVE-2017-8862.json +++ b/2017/8xxx/CVE-2017-8862.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with \"root\" privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/", - "refsource" : "MISC", - "url" : "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The webupgrade function on the Cohu 3960HD does not verify the firmware upgrade files or process, allowing an attacker to upload a specially crafted postinstall.sh file that will be executed with \"root\" privileges." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/", + "refsource": "MISC", + "url": "https://bneg.io/2017/05/12/vulnerabilities-in-cohu-3960hd/" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8983.json b/2017/8xxx/CVE-2017-8983.json index cdee9e9a4bc..996d8031310 100644 --- a/2017/8xxx/CVE-2017-8983.json +++ b/2017/8xxx/CVE-2017-8983.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security-alert@hpe.com", - "DATE_PUBLIC" : "2018-01-24T00:00:00", - "ID" : "CVE-2017-8983", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Intelligent Management Center (iMC) PLAT", - "version" : { - "version_data" : [ - { - "version_value" : "7.3 E0504P4" - } - ] - } - } - ] - }, - "vendor_name" : "Hewlett Packard Enterprise" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "security-alert@hpe.com", + "DATE_PUBLIC": "2018-01-24T00:00:00", + "ID": "CVE-2017-8983", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Intelligent Management Center (iMC) PLAT", + "version": { + "version_data": [ + { + "version_value": "7.3 E0504P4" + } + ] + } + } + ] + }, + "vendor_name": "Hewlett Packard Enterprise" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03808en_us", - "refsource" : "CONFIRM", - "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03808en_us" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P4 was found." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03808en_us", + "refsource": "CONFIRM", + "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03808en_us" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10067.json b/2018/10xxx/CVE-2018-10067.json index 2ec1b97862d..0ce352eb762 100644 --- a/2018/10xxx/CVE-2018-10067.json +++ b/2018/10xxx/CVE-2018-10067.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10067", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10067", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10402.json b/2018/10xxx/CVE-2018-10402.json index 41c629849cb..d04d398bb88 100644 --- a/2018/10xxx/CVE-2018-10402.json +++ b/2018/10xxx/CVE-2018-10402.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10402", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10402", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10469.json b/2018/10xxx/CVE-2018-10469.json index 494b802f731..387a2841a4f 100644 --- a/2018/10xxx/CVE-2018-10469.json +++ b/2018/10xxx/CVE-2018-10469.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10469", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10469", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/b3log/symphony/issues/620", - "refsource" : "MISC", - "url" : "https://github.com/b3log/symphony/issues/620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and execute arbitrary JSP files via the name[] parameter to the /upload URI." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/b3log/symphony/issues/620", + "refsource": "MISC", + "url": "https://github.com/b3log/symphony/issues/620" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10517.json b/2018/10xxx/CVE-2018-10517.json index d8afdd2d17b..15b965cac3c 100644 --- a/2018/10xxx/CVE-2018-10517.json +++ b/2018/10xxx/CVE-2018-10517.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In CMS Made Simple (CMSMS) through 2.2.7, the \"module import\" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45793", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45793/" - }, - { - "name" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CMS Made Simple (CMSMS) through 2.2.7, the \"module import\" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP 
code in a data element." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/itodaro/cmsms_cve/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/itodaro/cmsms_cve/blob/master/README.md" + }, + { + "name": "45793", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45793/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13346.json b/2018/13xxx/CVE-2018-13346.json index 4e5cd97f074..0703cfa20ed 100644 --- a/2018/13xxx/CVE-2018-13346.json +++ b/2018/13xxx/CVE-2018-13346.json 
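Review bot: The two `reference_data` entries in the CVE-2018-10517 hunk are swapped relative to the old side (the EXPLOIT-DB `45793` entry moves from first to second), while every other change in the hunk is spacing and indentation. JSON arrays are ordered, so anything that hashes, signs or diffs these records sees a content change hidden inside a formatting pass; the same swap appears in the CVE-2018-13346 and CVE-2018-13606 hunks. I would keep the original order, i.e. leave `"name": "45793",` as the first entry, or make the formatter preserve array order and land any intended reordering as its own commit. The new side of each file also ends with `\ No newline at end of file` where the old side ended with a newline, so the writer should emit a trailing newline.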
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13346", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13346", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.mercurial-scm.org/repo/hg/rev/faa924469635", - "refsource" : "MISC", - "url" : "https://www.mercurial-scm.org/repo/hg/rev/faa924469635" - }, - { - "name" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29", - "refsource" : "MISC", - "url" : "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the original data, aka OVE-20180430-0004." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29", + "refsource": "MISC", + "url": "https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29" + }, + { + "name": "https://www.mercurial-scm.org/repo/hg/rev/faa924469635", + "refsource": "MISC", + "url": "https://www.mercurial-scm.org/repo/hg/rev/faa924469635" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13434.json b/2018/13xxx/CVE-2018-13434.json index adae9aeaa71..dd2edf34113 100644 --- a/2018/13xxx/CVE-2018-13434.json +++ b/2018/13xxx/CVE-2018-13434.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13434", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be \"true\" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13434", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/tanprathan/f5133651e438b2ad1b39172d52b56115", - "refsource" : "MISC", - "url" : "https://gist.github.com/tanprathan/f5133651e438b2ad1b39172d52b56115" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be \"true\" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/tanprathan/f5133651e438b2ad1b39172d52b56115", + "refsource": "MISC", + "url": "https://gist.github.com/tanprathan/f5133651e438b2ad1b39172d52b56115" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13606.json b/2018/13xxx/CVE-2018-13606.json index bc99dafcd5b..0343efae1c6 100644 
--- a/2018/13xxx/CVE-2018-13606.json +++ b/2018/13xxx/CVE-2018-13606.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13606", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13606", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ARChain", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ARChain" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for ARChain, an Ethereum token, has an integer 
overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ARChain", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ARChain" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17405.json b/2018/17xxx/CVE-2018-17405.json index 6a4ff7845af..1659dfc14c6 100644 --- a/2018/17xxx/CVE-2018-17405.json +++ b/2018/17xxx/CVE-2018-17405.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17405", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17405", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17447.json b/2018/17xxx/CVE-2018-17447.json index 8cf4b7c8383..91f5af50d87 100644 --- a/2018/17xxx/CVE-2018-17447.json +++ b/2018/17xxx/CVE-2018-17447.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17447", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17447", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.citrix.com/article/CTX236992", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX236992" - }, - { - "name" : "105711", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105711" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.citrix.com/article/CTX236992", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX236992" + }, + { + "name": "105711", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105711" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17705.json b/2018/17xxx/CVE-2018-17705.json index b9de6d78ef0..efacf5289c7 100644 --- a/2018/17xxx/CVE-2018-17705.json +++ b/2018/17xxx/CVE-2018-17705.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17705", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7255." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17705", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1198/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1198/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of CheckBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7255." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1198/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1198/" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17808.json b/2018/17xxx/CVE-2018-17808.json index 8c6837be139..8a78bcbd503 100644 --- a/2018/17xxx/CVE-2018-17808.json +++ b/2018/17xxx/CVE-2018-17808.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17808", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17808", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9392.json b/2018/9xxx/CVE-2018-9392.json index 9b12ecc817c..f24d6ba6019 100644 --- a/2018/9xxx/CVE-2018-9392.json 
+++ b/2018/9xxx/CVE-2018-9392.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9392", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9392", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9973.json b/2018/9xxx/CVE-2018-9973.json index 1e0ce39b4fb..6490410d3f2 100644 --- a/2018/9xxx/CVE-2018-9973.json +++ b/2018/9xxx/CVE-2018-9973.json 
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "zdi-disclosures@trendmicro.com",
- "ID" : "CVE-2018-9973",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "Foxit Reader",
- "version" : {
- "version_data" : [
- {
- "version_value" : "9.0.1.1049"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "Foxit"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "CWE-125-Out-of-bounds Read"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "zdi-disclosures@trendmicro.com",
+ "ID": "CVE-2018-9973",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "Foxit Reader",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "9.0.1.1049"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "Foxit"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://zerodayinitiative.com/advisories/ZDI-18-357",
- "refsource" : "MISC",
- "url" : "https://zerodayinitiative.com/advisories/ZDI-18-357"
- },
- {
- "name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
- "refsource" : "CONFIRM",
- "url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5758."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "CWE-125-Out-of-bounds Read"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
+ "refsource": "CONFIRM",
+ "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
+ },
+ {
+ "name": "https://zerodayinitiative.com/advisories/ZDI-18-357",
+ "refsource": "MISC",
+ "url": "https://zerodayinitiative.com/advisories/ZDI-18-357"
+ }
+ ]
+ }
+}
\ No newline at end of file