diff --git a/2003/0xxx/CVE-2003-0207.json b/2003/0xxx/CVE-2003-0207.json index a41c25a9415..ed6b8a8b2af 100644 --- a/2003/0xxx/CVE-2003-0207.json +++ b/2003/0xxx/CVE-2003-0207.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0207", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0207", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-286", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-286", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-286" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0471.json b/2003/0xxx/CVE-2003-0471.json index 160eae79e48..28e7601a889 100644 --- a/2003/0xxx/CVE-2003-0471.json +++ b/2003/0xxx/CVE-2003-0471.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030624 Remote Buffer Overrun WebAdmin.exe", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105647081418155&w=2" - }, - { - "name" : "20030624 Re: WebAdmin from ALT-N remote exploit PoC", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105648385900792&w=2" - }, - { - "name" : "8024", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8024" - }, - { - "name" : "2207", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2207" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8024", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8024" + }, + { + "name": "20030624 Re: WebAdmin from ALT-N remote exploit PoC", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105648385900792&w=2" + }, + { + "name": "2207", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2207" + }, + { + "name": "20030624 Remote Buffer Overrun WebAdmin.exe", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105647081418155&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0511.json b/2003/0xxx/CVE-2003-0511.json index d9d863da4c4..0661795a485 100644 --- a/2003/0xxx/CVE-2003-0511.json +++ b/2003/0xxx/CVE-2003-0511.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0511", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0511", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030728 Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0055.html" - }, - { - "name" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm", - "refsource" : "MISC", - "url" : "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm" - }, - { - "name" : "20030728 HTTP GET Vulnerability in AP1x00", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml" - }, - { - "name" : "oval:org.mitre.oval:def:5834", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5834" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030728 Cisco Aironet AP 1100 Malformed HTTP Request Crash Vulnerability", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0055.html" + }, + { + "name": "20030728 HTTP GET Vulnerability in AP1x00", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20030728-ap1x00.shtml" + }, + { + "name": "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm", + "refsource": "MISC", + "url": "http://www.vigilante.com/inetsecurity/advisories/VIGILANTE-2003001.htm" + }, + { + "name": "oval:org.mitre.oval:def:5834", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5834" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1002.json b/2003/1xxx/CVE-2003-1002.json index 529ed212c42..85b4ad16562 100644 --- a/2003/1xxx/CVE-2003-1002.json +++ b/2003/1xxx/CVE-2003-1002.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031215 Cisco FWSM Vulnerabilities", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031215 Cisco FWSM Vulnerabilities", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sa-20031215-fwsm.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1129.json b/2003/1xxx/CVE-2003-1129.json index cb954342af6..e98fa8f9f16 100644 --- a/2003/1xxx/CVE-2003-1129.json +++ b/2003/1xxx/CVE-2003-1129.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://help.yahoo.com/help/us/mesg/use/use-45.html", - "refsource" : "CONFIRM", - "url" : "http://help.yahoo.com/help/us/mesg/use/use-45.html" - }, - { - "name" : "20030530 Yahoo! Security Advisory: Yahoo! Voice Chat", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/323439" - }, - { - "name" : "VU#272644", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/272644" - }, - { - "name" : "7561", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7561" - }, - { - "name" : "8924", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8924" - }, - { - "name" : "yahoo-audio-bo(12130)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12130" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "7561", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7561" + }, + { + "name": "yahoo-audio-bo(12130)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12130" + }, + { + "name": "VU#272644", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/272644" + }, + { + "name": "http://help.yahoo.com/help/us/mesg/use/use-45.html", + "refsource": "CONFIRM", + "url": "http://help.yahoo.com/help/us/mesg/use/use-45.html" + }, + { + "name": "8924", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8924" + }, + { + "name": "20030530 Yahoo! Security Advisory: Yahoo! Voice Chat", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/323439" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1498.json b/2003/1xxx/CVE-2003-1498.json index 9623adb210c..41999866006 100644 --- a/2003/1xxx/CVE-2003-1498.json +++ b/2003/1xxx/CVE-2003-1498.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031014 Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2003-10/0173.html" - }, - { - "name" : "8823", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8823" - }, - { - "name" : "zoom-search-xss(13431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zoom Search Engine 2.0 Build 1018 and earlier allows remote attackers to inject arbitrary web script or HTML via the zoom_query parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zoom-search-xss(13431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13431" + }, + { + "name": "20031014 Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2003-10/0173.html" + }, + { + "name": "8823", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8823" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0374.json b/2004/0xxx/CVE-2004-0374.json index 10faee65d03..3dd5fc3bcb5 100644 --- a/2004/0xxx/CVE-2004-0374.json +++ b/2004/0xxx/CVE-2004-0374.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0374", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Interchange before 5.0.1 allows remote attackers to \"expose the content of arbitrary variables\" and read or modify sensitive SQL information via an HTTP request ending with the \"__SQLUSER__\" string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0374", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[interchange-announce] 20040329 Security Problem in Interchange", - "refsource" : "MLIST", - "url" : "http://www.icdevgroup.org/pipermail/interchange-announce/2004/000043.html" - }, - { - "name" : "http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW", - "refsource" : "CONFIRM", - "url" : "http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW" - }, - { - "name" : "DSA-471", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-471" - }, - { - "name" : "10005", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10005" - }, - { - "name" : "11234", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11234" - }, - { - "name" : "interchange-url-obtain-information(15670)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15670" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Interchange before 5.0.1 allows remote attackers to \"expose the content of arbitrary variables\" and read or modify sensitive SQL information via an HTTP request ending with the \"__SQLUSER__\" string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[interchange-announce] 20040329 Security Problem in Interchange", + "refsource": "MLIST", + "url": "http://www.icdevgroup.org/pipermail/interchange-announce/2004/000043.html" + }, + { + "name": "10005", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10005" + }, + { + "name": "http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW", + "refsource": "CONFIRM", + "url": "http://ftp.icdevgroup.org/interchange/5.0/WHATSNEW" + }, + { + "name": "interchange-url-obtain-information(15670)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15670" + }, + { + "name": "11234", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11234" + }, + { + "name": "DSA-471", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-471" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2081.json b/2004/2xxx/CVE-2004-2081.json index 3baff6b1a6e..ff2cfd66706 100644 --- a/2004/2xxx/CVE-2004-2081.json +++ b/2004/2xxx/CVE-2004-2081.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040213 Sami FTP Server 1.1.3 multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/353753" - }, - { - "name" : "http://www.karja.com/samiftp/news.html", - "refsource" : "MISC", - "url" : "http://www.karja.com/samiftp/news.html" - }, - { - "name" : "9657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9657" - }, - { - "name" : "sami-cd-get-dos(15204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20040213 Sami FTP Server 1.1.3 multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/353753" + }, + { + "name": "9657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9657" + }, + { + "name": "sami-cd-get-dos(15204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15204" + }, + { + "name": "http://www.karja.com/samiftp/news.html", + "refsource": "MISC", + "url": "http://www.karja.com/samiftp/news.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2156.json b/2004/2xxx/CVE-2004-2156.json index d19df9e2721..4b1a9ddf089 100644 --- a/2004/2xxx/CVE-2004-2156.json +++ b/2004/2xxx/CVE-2004-2156.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://archives.neohapsis.com/archives/apps/freshmeat/2004-09/0030.html", - "refsource" : "CONFIRM", - "url" : "http://archives.neohapsis.com/archives/apps/freshmeat/2004-09/0030.html" - }, - { - "name" : "11306", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11306" - }, - { - "name" : "10479", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/10479" - }, - { - "name" : "12720", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12720/" - }, - { - "name" : "1011539", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011539" - }, - { - "name" : "online-recruitment-agency(17586)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17586" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11306", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11306" + }, + { + "name": "12720", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12720/" + }, + { + "name": "10479", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/10479" + }, + { + "name": "http://archives.neohapsis.com/archives/apps/freshmeat/2004-09/0030.html", + "refsource": "CONFIRM", + "url": "http://archives.neohapsis.com/archives/apps/freshmeat/2004-09/0030.html" + }, + { + "name": "1011539", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011539" + }, + { + "name": "online-recruitment-agency(17586)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17586" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2493.json b/2004/2xxx/CVE-2004-2493.json index 35c26d67f94..abb7639b306 100644 --- a/2004/2xxx/CVE-2004-2493.json +++ b/2004/2xxx/CVE-2004-2493.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2493", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2493", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html" - }, - { - "name" : "11773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11773" - }, - { - "name" : "12153", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/12153" - }, - { - "name" : "13321", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13321" - }, - { - "name" : "groupmax-directory-traversal(18278)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18278" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi-support.com/security_e/vuls_e/HS04-007_e/01-e.html" + }, + { + "name": "12153", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/12153" + }, + { + "name": "groupmax-directory-traversal(18278)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18278" + }, + { + "name": "13321", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13321" + }, + { + "name": "11773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11773" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2591.json b/2008/2xxx/CVE-2008-2591.json index 4c47cac80c4..efe8172508e 100644 --- a/2008/2xxx/CVE-2008-2591.json +++ b/2008/2xxx/CVE-2008-2591.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2591", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2591", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" - }, - { - "name" : "HPSBMA02133", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "SSRT061201", - "refsource" : "HP", - "url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" - }, - { - "name" : "ADV-2008-2115", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2115" - }, - { - "name" : "ADV-2008-2109", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2109/references" - }, - { - "name" : "1020499", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020499" - }, - { - "name" : "31113", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31113" - }, - { - "name" : "31087", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31087" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Database Vault component in Oracle Database 9.2.0.8DV, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" + }, + { + "name": "ADV-2008-2115", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2115" + }, + { + "name": "SSRT061201", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "HPSBMA02133", + "refsource": "HP", + "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" + }, + { + "name": "ADV-2008-2109", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2109/references" + }, + { + "name": "1020499", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020499" + }, + { + "name": "31087", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31087" + }, + { + "name": "31113", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31113" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2713.json b/2008/2xxx/CVE-2008-2713.json index 8c58a9db6ad..0efbb0562b9 100644 --- a/2008/2xxx/CVE-2008-2713.json +++ b/2008/2xxx/CVE-2008-2713.json @@ -1,212 +1,212 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2713", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2713", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20080615 CVE id request: Clamav", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/06/15/2" - }, - { - "name" : "[oss-security] 20080617 Re: CVE id request: Clamav", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2008/06/17/8" - }, - { - "name" : "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886", - "refsource" : "CONFIRM", - "url" : "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886" - }, - { - "name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000", - "refsource" : "CONFIRM", - "url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000" - }, - { - "name" : "http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638" - }, - { - "name" : "http://kolab.org/security/kolab-vendor-notice-21.txt", - "refsource" : "CONFIRM", - "url" : "http://kolab.org/security/kolab-vendor-notice-21.txt" - }, - { - "name" : "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html", - "refsource" : "CONFIRM", - "url" : "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html" - }, - { - "name" : "APPLE-SA-2008-09-15", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" - }, - { - "name" : "DSA-1616", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2008/dsa-1616" - }, - { - "name" : "FEDORA-2008-5476", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html" - }, - { - "name" : "FEDORA-2008-6422", - "refsource" : "FEDORA", - "url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html" - }, - { - "name" : "GLSA-200808-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-200808-07.xml" - }, - { - "name" : "MDVSA-2008:122", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122" - }, - { - "name" : "SUSE-SR:2008:014", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" - }, - { - "name" : "SUSE-SR:2008:015", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" - }, - { - "name" : "TA08-260A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" - }, - { - "name" : "29750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29750" - }, - { - "name" : "31167", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31167" - }, - { - "name" : "ADV-2008-1855", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1855/references" - }, - { - "name" : "ADV-2008-2584", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2584" - }, - { - "name" : "1020305", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020305" - }, - { - "name" : "30657", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30657" - }, - { - "name" : "30785", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30785" - }, - { - "name" : "30829", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30829" - }, - { - "name" : "30967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30967" - }, - { - "name" : "31091", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31091" - }, - { - "name" : "31206", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31206" - }, - { - "name" : "31437", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31437" - }, - { - "name" : "31576", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31576" - }, - { - "name" : "31882", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31882" - }, - { - "name" : "clamav-petite-dos(43133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "31437", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31437" + }, + { + "name": "APPLE-SA-2008-09-15", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html" + }, + { + "name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html", + "refsource": "CONFIRM", + "url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html" + }, + { + "name": "MDVSA-2008:122", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122" + }, + { + "name": "TA08-260A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html" + }, + { + "name": "SUSE-SR:2008:015", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html" + }, + { + "name": "30785", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30785" + }, + { + "name": "ADV-2008-2584", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2584" + }, + { + "name": "[oss-security] 20080615 CVE id request: Clamav", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/06/15/2" + }, + { + "name": "ADV-2008-1855", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1855/references" + }, + { + "name": "30967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30967" + }, + { + "name": "31882", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31882" + }, + { + "name": "31091", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31091" + }, + { + "name": "30657", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30657" + }, + { + "name": "http://kolab.org/security/kolab-vendor-notice-21.txt", + "refsource": "CONFIRM", + "url": "http://kolab.org/security/kolab-vendor-notice-21.txt" + }, + { + "name": "clamav-petite-dos(43133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133" + }, + { + "name": "SUSE-SR:2008:014", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html" + }, + { + "name": "DSA-1616", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2008/dsa-1616" + }, + { + "name": "FEDORA-2008-5476", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html" + }, + { + "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000", + "refsource": "CONFIRM", + "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000" + }, + { + "name": "[oss-security] 20080617 Re: CVE id request: Clamav", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2008/06/17/8" + }, + { + "name": "GLSA-200808-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-200808-07.xml" + }, + { + "name": "29750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29750" + }, + { + "name": "30829", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30829" + }, + { + "name": "1020305", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020305" + }, + { + "name": "FEDORA-2008-6422", + "refsource": "FEDORA", + "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html" + }, + { + "name": "31167", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31167" + }, + { + "name": "31576", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31576" + }, + { + "name": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886", + "refsource": "CONFIRM", + "url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886" + }, + { + "name": "http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638" + }, + { + "name": "31206", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31206" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0182.json b/2012/0xxx/CVE-2012-0182.json index 4f27a0dd083..735aba62cf9 100644 --- a/2012/0xxx/CVE-2012-0182.json +++ b/2012/0xxx/CVE-2012-0182.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0182", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka \"Word PAPX Section Corruption Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0182", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064" - }, - { - "name" : "TA12-283A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-283A.html" - }, - { - "name" : "55780", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55780" - }, - { - "name" : "oval:org.mitre.oval:def:15426", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15426" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka \"Word PAPX Section Corruption Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55780", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55780" + }, + { + "name": "oval:org.mitre.oval:def:15426", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15426" + }, + { + "name": "TA12-283A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html" + }, + { + "name": "MS12-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0370.json b/2012/0xxx/CVE-2012-0370.json index febedb31d01..2ef25a21989 100644 --- a/2012/0xxx/CVE-2012-0370.json +++ b/2012/0xxx/CVE-2012-0370.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0370", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0370", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120229 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html" - }, - { - "name" : "20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.0 and 7.1 before 7.1.91.0, when WebAuth is enabled, allow remote attackers to cause a denial of service (device reload) via a sequence of (1) HTTP or (2) HTTPS packets, aka Bug ID CSCtt47435." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc" + }, + { + "name": "20120229 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0404.json b/2012/0xxx/CVE-2012-0404.json index 0b9477c1642..aa4aeecf6d8 100644 --- a/2012/0xxx/CVE-2012-0404.json +++ b/2012/0xxx/CVE-2012-0404.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0404", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security_alert@emc.com", + "ID": "CVE-2012-0404", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120313 ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0057.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120313 ESA-2012-012: EMC Documentum eRoom Multiple Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0057.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0426.json b/2012/0xxx/CVE-2012-0426.json index 5360613e3a9..4bb9c67ccf9 100644 --- a/2012/0xxx/CVE-2012-0426.json +++ b/2012/0xxx/CVE-2012-0426.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0426", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0426", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=763793", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=763793" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=777453", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=777453" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=778273", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=778273" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=778293", - "refsource" : "MISC", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=778293" - }, - { - "name" : "http://download.novell.com/Download?buildid=DshQViDsMLE~", - "refsource" : "CONFIRM", - "url" : "http://download.novell.com/Download?buildid=DshQViDsMLE~" - }, - { - "name" : "https://support.novell.com/security/cve/CVE-2012-0426.html", - "refsource" : "CONFIRM", - "url" : "https://support.novell.com/security/cve/CVE-2012-0426.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=777453", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=777453" + }, + { + "name": "https://support.novell.com/security/cve/CVE-2012-0426.html", + "refsource": "CONFIRM", + "url": "https://support.novell.com/security/cve/CVE-2012-0426.html" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=778273", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=778273" + }, + { + "name": "http://download.novell.com/Download?buildid=DshQViDsMLE~", + "refsource": "CONFIRM", + "url": "http://download.novell.com/Download?buildid=DshQViDsMLE~" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=778293", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=778293" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=763793", + "refsource": "MISC", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=763793" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0731.json b/2012/0xxx/CVE-2012-0731.json index fc455d6e882..fe616478c2e 100644 --- a/2012/0xxx/CVE-2012-0731.json +++ b/2012/0xxx/CVE-2012-0731.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0731", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0731", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188" - }, - { - "name" : "53247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53247" - }, - { - "name" : "48967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48967" - }, - { - "name" : "48968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48968" - }, - { - "name" : "ae-config-info-disclosure(74371)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not prevent service-account impersonation, which allows remote authenticated users to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48967" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188" + }, + { + "name": "48968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48968" + }, + { + "name": "53247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53247" + }, + { + "name": "ae-config-info-disclosure(74371)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74371" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0768.json b/2012/0xxx/CVE-2012-0768.json index 4f23f8d208c..e2b5da5c272 100644 --- a/2012/0xxx/CVE-2012-0768.json +++ b/2012/0xxx/CVE-2012-0768.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0768", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-0768", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-05.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-05.html" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "GLSA-201204-07", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml" - }, - { - "name" : "SUSE-SU-2012:0332", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html" - }, - { - "name" : "openSUSE-SU-2012:0331", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html" - }, - { - "name" : "oval:org.mitre.oval:def:15058", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15058" - }, - { - "name" : "oval:org.mitre.oval:def:15922", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15922" - }, - { - "name" : "48819", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48819" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15922", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15922" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-05.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-05.html" + }, + { + "name": "oval:org.mitre.oval:def:15058", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15058" + }, + { + "name": "GLSA-201204-07", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-07.xml" + }, + { + "name": "SUSE-SU-2012:0332", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html" + }, + { + "name": "openSUSE-SU-2012:0331", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html" + }, + { + "name": "48819", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48819" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1247.json b/2012/1xxx/CVE-2012-1247.json index 7dbb2316e89..864b22180f8 100644 --- a/2012/1xxx/CVE-2012-1247.json +++ b/2012/1xxx/CVE-2012-1247.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1247", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-1247", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kent-web.com/cart/mart.html", - "refsource" : "CONFIRM", - "url" : "http://www.kent-web.com/cart/mart.html" - }, - { - "name" : "JVN#63941302", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN63941302/index.html" - }, - { - "name" : "JVNDB-2012-000042", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000042" - }, - { - "name" : "53541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53541" - }, - { - "name" : "webmart-internetexplorer-cssexpr-xss(75674)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75674" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and earlier, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML by leveraging support for Cascading Style Sheets (CSS) expressions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000042", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000042" + }, + { + "name": "53541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53541" + }, + { + "name": "webmart-internetexplorer-cssexpr-xss(75674)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75674" + }, + { + "name": "JVN#63941302", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN63941302/index.html" + }, + { + "name": "http://www.kent-web.com/cart/mart.html", + "refsource": "CONFIRM", + "url": "http://www.kent-web.com/cart/mart.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1464.json b/2012/1xxx/CVE-2012-1464.json index 3fa3af76562..12662bf97a8 100644 --- a/2012/1xxx/CVE-2012-1464.json +++ b/2012/1xxx/CVE-2012-1464.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1464", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing \"?\" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1464", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18543", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18543" - }, - { - "name" : "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_Vuln.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_Vuln.txt" - }, - { - "name" : "http://secpod.org/blog/?p=478", - "refsource" : "MISC", - "url" : "http://secpod.org/blog/?p=478" - }, - { - "name" : "http://www.netmechanica.com/news/?news_id=26", - "refsource" : "CONFIRM", - "url" : "http://www.netmechanica.com/news/?news_id=26" - }, - { - "name" : "52645", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52645" - }, - { - "name" : "79653", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79653" - }, - { - "name" : "48168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48168" - }, - { - "name" : "netdecision-info-disclosure(73549)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73549" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dashboard Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the installation path via a request with a trailing \"?\" character, which causes Dashboard to attempt to access a non-existent resource. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "18543", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18543" + }, + { + "name": "netdecision-info-disclosure(73549)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73549" + }, + { + "name": "http://secpod.org/blog/?p=478", + "refsource": "MISC", + "url": "http://secpod.org/blog/?p=478" + }, + { + "name": "79653", + "refsource": "OSVDB", + "url": "http://osvdb.org/79653" + }, + { + "name": "52645", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52645" + }, + { + "name": "http://www.netmechanica.com/news/?news_id=26", + "refsource": "CONFIRM", + "url": "http://www.netmechanica.com/news/?news_id=26" + }, + { + "name": "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_Vuln.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_Vuln.txt" + }, + { + "name": "48168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48168" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1466.json b/2012/1xxx/CVE-2012-1466.json index 0f3534eb0c8..b509531e4be 100644 --- a/2012/1xxx/CVE-2012-1466.json +++ b/2012/1xxx/CVE-2012-1466.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18542", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18542" - }, - { - "name" : "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_Vuln.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_Vuln.txt" - }, - { - "name" : "http://secpod.org/blog/?p=481", - "refsource" : "MISC", - "url" : "http://secpod.org/blog/?p=481" - }, - { - "name" : "http://www.netmechanica.com/news/?news_id=26", - "refsource" : "CONFIRM", - "url" : "http://www.netmechanica.com/news/?news_id=26" - }, - { - "name" : "52196", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52196" - }, - { - "name" : "79652", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79652" - }, - { - "name" : "48168", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48168" - }, - { - "name" : "netdecision-traffic-nd-source-disclosure(73531)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. NOTE: some of these details are obtained from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secpod.org/blog/?p=481", + "refsource": "MISC", + "url": "http://secpod.org/blog/?p=481" + }, + { + "name": "79652", + "refsource": "OSVDB", + "url": "http://osvdb.org/79652" + }, + { + "name": "netdecision-traffic-nd-source-disclosure(73531)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73531" + }, + { + "name": "52196", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52196" + }, + { + "name": "18542", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18542" + }, + { + "name": "http://www.netmechanica.com/news/?news_id=26", + "refsource": "CONFIRM", + "url": "http://www.netmechanica.com/news/?news_id=26" + }, + { + "name": "48168", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48168" + }, + { + "name": "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_Vuln.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Traffic_Grapher_Server_SourceCode_Disc_Vuln.txt" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1592.json b/2012/1xxx/CVE-2012-1592.json index f660a27bf1b..4755c8e9f40 100644 --- a/2012/1xxx/CVE-2012-1592.json +++ b/2012/1xxx/CVE-2012-1592.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1592", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1592", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1812.json b/2012/1xxx/CVE-2012-1812.json index d023f7b2f9e..cbe26f6e56f 100644 --- a/2012/1xxx/CVE-2012-1812.json +++ b/2012/1xxx/CVE-2012-1812.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1812", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1812", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf" - }, - { - "name" : "56364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56364" - }, - { - "name" : "51171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51171" - }, - { - "name" : "eoscada-eosfailoverservive-info-disc(79756)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79756" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to obtain sensitive cleartext information via a session on TCP port 12000." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "eoscada-eosfailoverservive-info-disc(79756)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79756" + }, + { + "name": "51171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51171" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf" + }, + { + "name": "56364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56364" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4900.json b/2012/4xxx/CVE-2012-4900.json index f46757482e0..ab6b5b8bb9d 100644 --- a/2012/4xxx/CVE-2012-4900.json +++ b/2012/4xxx/CVE-2012-4900.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4900", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4900", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5098.json b/2012/5xxx/CVE-2012-5098.json index 25b0e5545f5..d72262bd8bd 100644 --- a/2012/5xxx/CVE-2012-5098.json +++ b/2012/5xxx/CVE-2012-5098.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5098", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5098", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "18298", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18298" - }, - { - "name" : "51223", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51223" - }, - { - "name" : "phpxlinks-multiple-sql-injection(72066)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72066" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51223", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51223" + }, + { + "name": "phpxlinks-multiple-sql-injection(72066)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72066" + }, + { + "name": "18298", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18298" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5482.json b/2012/5xxx/CVE-2012-5482.json index 26c252b21bc..84866e2fa62 100644 --- a/2012/5xxx/CVE-2012-5482.json +++ b/2012/5xxx/CVE-2012-5482.json @@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/07/6" - }, - { - "name" : "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/08/2" - }, - { - "name" : "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/09/1" - }, - { - "name" : "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/09/5" - }, - { - "name" : "https://bugs.launchpad.net/glance/+bug/1076506", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/glance/+bug/1076506" - }, - { - "name" : "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88" - }, - { - "name" : "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", - "refsource" : "CONFIRM", - "url" : "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3" - }, - { - "name" : "FEDORA-2012-17901", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html" - }, - { - "name" : "SUSE-SU-2012:1455", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html" - }, - { - "name" : "56437", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56437" - }, - { - "name" : "87248", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87248" - }, - { - "name" : "51174", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51174" - }, - { - "name" : "glance-v2api-security-bypass(80019)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-4573." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51174", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51174" + }, + { + "name": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/glance/commit/b591304b8980d8aca8fa6cda9ea1621aca000c88" + }, + { + "name": "[oss-security] 20121108 Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/08/2" + }, + { + "name": "https://bugs.launchpad.net/glance/+bug/1076506", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/glance/+bug/1076506" + }, + { + "name": "56437", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56437" + }, + { + "name": "glance-v2api-security-bypass(80019)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80019" + }, + { + "name": "FEDORA-2012-17901", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092192.html" + }, + { + "name": "[oss-security] 20121107 [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/07/6" + }, + { + "name": "[oss-security] 20121109 [OSSA 2012-017.1] Authentication bypass for image deletion (CVE-2012-4573, CVE-2012-5482) ERRATA 1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/09/5" + }, + { + "name": "87248", + "refsource": "OSVDB", + "url": "http://osvdb.org/87248" + }, + { + "name": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3", + "refsource": "CONFIRM", + "url": "https://github.com/openstack/glance/commit/fc0ee7623ec59c87ac6fc671e95a9798d6f2e2c3" + }, + { + "name": "[oss-security] 20121109 Re: Re: [OSSA 2012-017] Authentication bypass for image deletion (CVE-2012-4573)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/09/1" + }, + { + "name": "SUSE-SU-2012:1455", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00002.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3598.json b/2017/3xxx/CVE-2017-3598.json index 269d640d048..6fadd93aa43 100644 --- a/2017/3xxx/CVE-2017-3598.json +++ b/2017/3xxx/CVE-2017-3598.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WebCenter Sites", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "11.1.1.8.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.1.0" - }, - { - "version_affected" : "=", - "version_value" : "12.2.1.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WebCenter Sites", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "11.1.1.8.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.0.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.1.0" + }, + { + "version_affected": "=", + "version_value": "12.2.1.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97905", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97905" - }, - { - "name" : "1038291", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038291" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebCenter Sites accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038291", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038291" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "97905", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97905" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3645.json b/2017/3xxx/CVE-2017-3645.json index 81c2fadbeba..6e2e9ce80be 100644 --- a/2017/3xxx/CVE-2017-3645.json +++ b/2017/3xxx/CVE-2017-3645.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "5.7.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "5.7.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" - }, - { - "name" : "RHSA-2017:2886", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2886" - }, - { - "name" : "99783", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99783" - }, - { - "name" : "1038928", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038928" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99783", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99783" + }, + { + "name": "1038928", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038928" + }, + { + "name": "RHSA-2017:2886", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2886" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3981.json b/2017/3xxx/CVE-2017-3981.json index 13a0d9534da..7c6195b8005 100644 --- a/2017/3xxx/CVE-2017-3981.json +++ b/2017/3xxx/CVE-2017-3981.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3981", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3981", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6542.json b/2017/6xxx/CVE-2017-6542.json index e8c13f0f098..c435b11e7da 100644 --- a/2017/6xxx/CVE-2017-6542.json +++ b/2017/6xxx/CVE-2017-6542.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6542", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6542", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42137", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42137/" - }, - { - "name" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html", - "refsource" : "CONFIRM", - "url" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" - }, - { - "name" : "https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8", - "refsource" : "CONFIRM", - "url" : "https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8" - }, - { - "name" : "GLSA-201703-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201703-03" - }, - { - "name" : "GLSA-201706-09", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-09" - }, - { - "name" : "openSUSE-SU-2017:0741", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html" - }, - { - "name" : "97156", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97156" - }, - { - "name" : "1038067", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038067" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which trigger a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97156", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97156" + }, + { + "name": "42137", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42137/" + }, + { + "name": "GLSA-201703-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201703-03" + }, + { + "name": "https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8", + "refsource": "CONFIRM", + "url": "https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8" + }, + { + "name": "1038067", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038067" + }, + { + "name": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html", + "refsource": "CONFIRM", + "url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html" + }, + { + "name": "openSUSE-SU-2017:0741", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2017-03/msg00055.html" + }, + { + "name": "GLSA-201706-09", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-09" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6837.json b/2017/6xxx/CVE-2017-6837.json index 155ced22dda..07fbcda6d9c 100644 --- a/2017/6xxx/CVE-2017-6837.json +++ b/2017/6xxx/CVE-2017-6837.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6837", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6837", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/13/9" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" - }, - { - "name" : "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0", - "refsource" : "MISC", - "url" : "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0" - }, - { - "name" : "https://github.com/mpruett/audiofile/issues/41", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/41" - }, - { - "name" : "DSA-3814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3814" - }, - { - "name" : "97314", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97314" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97314", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97314" + }, + { + "name": "DSA-3814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3814" + }, + { + "name": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0", + "refsource": "MISC", + "url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0" + }, + { + "name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" + }, + { + "name": "https://github.com/mpruett/audiofile/issues/41", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/41" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6973.json b/2017/6xxx/CVE-2017-6973.json index a4e925aa6e1..55c6b0c143d 100644 --- a/2017/6xxx/CVE-2017-6973.json +++ b/2017/6xxx/CVE-2017-6973.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6973", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6973", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://openwall.com/lists/oss-security/2017/03/30/4", - "refsource" : "CONFIRM", - "url" : "http://openwall.com/lists/oss-security/2017/03/30/4" - }, - { - "name" : "http://www.mantisbt.org/bugs/view.php?id=22537", - "refsource" : "CONFIRM", - "url" : "http://www.mantisbt.org/bugs/view.php?id=22537" - }, - { - "name" : "97252", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97252" - }, - { - "name" : "1038169", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter. This is fixed in 1.3.8, 2.1.2, and 2.2.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://openwall.com/lists/oss-security/2017/03/30/4", + "refsource": "CONFIRM", + "url": "http://openwall.com/lists/oss-security/2017/03/30/4" + }, + { + "name": "1038169", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038169" + }, + { + "name": "http://www.mantisbt.org/bugs/view.php?id=22537", + "refsource": "CONFIRM", + "url": "http://www.mantisbt.org/bugs/view.php?id=22537" + }, + { + "name": "97252", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97252" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7038.json b/2017/7xxx/CVE-2017-7038.json index 5bd9b5abd92..79d375535ae 100644 --- a/2017/7xxx/CVE-2017-7038.json +++ b/2017/7xxx/CVE-2017-7038.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7038", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7038", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207921", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207921" - }, - { - "name" : "https://support.apple.com/HT207923", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207923" - }, - { - "name" : "https://support.apple.com/HT207924", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207924" - }, - { - "name" : "GLSA-201710-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201710-14" - }, - { - "name" : "99888", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99888" - }, - { - "name" : "1038950", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038950" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A DOMParser XSS issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT207924", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207924" + }, + { + "name": "99888", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99888" + }, + { + "name": "https://support.apple.com/HT207921", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207921" + }, + { + "name": "https://support.apple.com/HT207923", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207923" + }, + { + "name": "GLSA-201710-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201710-14" + }, + { + "name": "1038950", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038950" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7430.json b/2017/7xxx/CVE-2017-7430.json index dcce7db02a3..ccdc3bd3acd 100644 --- a/2017/7xxx/CVE-2017-7430.json +++ b/2017/7xxx/CVE-2017-7430.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@microfocus.com", - "ID" : "CVE-2017-7430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1", - "version" : { - "version_data" : [ - { - "version_value" : "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "XSS" - } + "CVE_data_meta": { + "ASSIGNER": "security@suse.com", + "ID": "CVE-2017-7430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1", + "version": { + "version_data": [ + { + "version_value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=1024959", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=1024959" - }, - { - "name" : "https://bugzilla.novell.com/show_bug.cgi?id=1030691", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.novell.com/show_bug.cgi?id=1030691" - }, - { - "name" : "https://dl.netiq.com/Download?buildid=24FxpmqdThE~", - "refsource" : "CONFIRM", - "url" : "https://dl.netiq.com/Download?buildid=24FxpmqdThE~" - }, - { - "name" : "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~", - "refsource" : "CONFIRM", - "url" : "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~" - }, - { - "name" : "https://www.netiq.com/support/kb/doc.php?id=7016795", - "refsource" : "CONFIRM", - "url" : "https://www.netiq.com/support/kb/doc.php?id=7016795" - }, - { - "name" : "https://www.novell.com/support/kb/doc.php?id=7010166", - "refsource" : "CONFIRM", - "url" : "https://www.novell.com/support/kb/doc.php?id=7010166" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "XSS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=1024959", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=1024959" + }, + { + "name": "https://www.novell.com/support/kb/doc.php?id=7010166", + "refsource": "CONFIRM", + "url": "https://www.novell.com/support/kb/doc.php?id=7010166" + }, + { + "name": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~", + "refsource": "CONFIRM", + "url": "https://dl.netiq.com/Download?buildid=24FxpmqdThE~" + }, + { + "name": "https://www.netiq.com/support/kb/doc.php?id=7016795", + "refsource": "CONFIRM", + "url": "https://www.netiq.com/support/kb/doc.php?id=7016795" + }, + { + "name": "https://bugzilla.novell.com/show_bug.cgi?id=1030691", + "refsource": "CONFIRM", + "url": "https://bugzilla.novell.com/show_bug.cgi?id=1030691" + }, + { + "name": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~", + "refsource": "CONFIRM", + "url": "https://dl.netiq.com/Download?buildid=wpS1UqIlx-o~" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7721.json b/2017/7xxx/CVE-2017-7721.json index 44b787ecd90..eb87ea1da0f 100644 --- a/2017/7xxx/CVE-2017-7721.json +++ b/2017/7xxx/CVE-2017-7721.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7721", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7721", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-7721", - "refsource" : "MISC", - "url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-7721" - }, - { - "name" : "http://www.irfanview.com/plugins.htm", - "refsource" : "CONFIRM", - "url" : "http://www.irfanview.com/plugins.htm" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.irfanview.com/plugins.htm", + "refsource": "CONFIRM", + "url": "http://www.irfanview.com/plugins.htm" + }, + { + "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-7721", + "refsource": "MISC", + "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-7721" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7792.json b/2017/7xxx/CVE-2017-7792.json index e92ce8ea67a..8302f93172d 100644 --- a/2017/7xxx/CVE-2017-7792.json +++ b/2017/7xxx/CVE-2017-7792.json @@ -1,135 +1,135 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@mozilla.org", - "ID" : "CVE-2017-7792", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Thunderbird", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox ESR", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "52.3" - } - ] - } - }, - { - "product_name" : "Firefox", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "55" - } - ] - } - } - ] - }, - "vendor_name" : "Mozilla" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer overflow viewing certificates with an extremely long OID" - } + "CVE_data_meta": { + "ASSIGNER": "security@mozilla.org", + "ID": "CVE-2017-7792", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Thunderbird", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox ESR", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "52.3" + } + ] + } + }, + { + "product_name": "Firefox", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "55" + } + ] + } + } + ] + }, + "vendor_name": "Mozilla" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368652", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1368652" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-19/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-19/" - }, - { - "name" : "https://www.mozilla.org/security/advisories/mfsa2017-20/", - "refsource" : "CONFIRM", - "url" : "https://www.mozilla.org/security/advisories/mfsa2017-20/" - }, - { - "name" : "DSA-3928", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3928" - }, - { - "name" : "DSA-3968", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2017/dsa-3968" - }, - { - "name" : "GLSA-201803-14", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201803-14" - }, - { - "name" : "RHSA-2017:2456", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2456" - }, - { - "name" : "RHSA-2017:2534", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2534" - }, - { - "name" : "100206", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100206" - }, - { - "name" : "1039124", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039124" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer overflow viewing certificates with an extremely long OID" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-19/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-19/" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-20/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-20/" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368652", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1368652" + }, + { + "name": "DSA-3968", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3968" + }, + { + "name": "https://www.mozilla.org/security/advisories/mfsa2017-18/", + "refsource": "CONFIRM", + "url": "https://www.mozilla.org/security/advisories/mfsa2017-18/" + }, + { + "name": "RHSA-2017:2456", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2456" + }, + { + "name": "RHSA-2017:2534", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2534" + }, + { + "name": "100206", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100206" + }, + { + "name": "1039124", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039124" + }, + { + "name": "GLSA-201803-14", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201803-14" + }, + { + "name": "DSA-3928", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2017/dsa-3928" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8236.json b/2017/8xxx/CVE-2017-8236.json index e9476372aa1..3d321a62d7b 100644 --- a/2017/8xxx/CVE-2017-8236.json +++ b/2017/8xxx/CVE-2017-8236.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@qualcomm.com", - "ID" : "CVE-2017-8236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "All Qualcomm products", - "version" : { - "version_data" : [ - { - "version_value" : "All Android releases from CAF using the Linux kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Qualcomm, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Buffer Copy without Checking Size of Input in IPA" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@qualcomm.com", + "ID": "CVE-2017-8236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "All Qualcomm products", + "version": { + "version_data": [ + { + "version_value": "All Android releases from CAF using the Linux kernel" + } + ] + } + } + ] + }, + "vendor_name": "Qualcomm, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2017-06-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2017-06-01" - }, - { - "name" : "1038623", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038623" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Buffer Copy without Checking Size of Input in IPA" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://source.android.com/security/bulletin/2017-06-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2017-06-01" + }, + { + "name": "1038623", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038623" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8910.json b/2017/8xxx/CVE-2017-8910.json index 5980aa6e150..8a79cea275a 100644 --- a/2017/8xxx/CVE-2017-8910.json +++ b/2017/8xxx/CVE-2017-8910.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8910", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8910", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10012.json b/2018/10xxx/CVE-2018-10012.json index 5b63259fcc4..6c07e14a1cc 100644 --- a/2018/10xxx/CVE-2018-10012.json +++ b/2018/10xxx/CVE-2018-10012.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10012", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10012", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10043.json b/2018/10xxx/CVE-2018-10043.json index 46ad0e8661c..566ad95dd38 100644 --- a/2018/10xxx/CVE-2018-10043.json +++ b/2018/10xxx/CVE-2018-10043.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10043", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10043", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10146.json b/2018/10xxx/CVE-2018-10146.json index 33deacfc475..69c5c2a4520 100644 --- a/2018/10xxx/CVE-2018-10146.json +++ b/2018/10xxx/CVE-2018-10146.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10146", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-10146", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10305.json b/2018/10xxx/CVE-2018-10305.json index 3b9746ee3c5..dfe4804cfc1 100644 --- a/2018/10xxx/CVE-2018-10305.json +++ b/2018/10xxx/CVE-2018-10305.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10305", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10305", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.simplemachines.org/community/index.php?topic=557176.0", - "refsource" : "MISC", - "url" : "https://www.simplemachines.org/community/index.php?topic=557176.0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MessageSearch2 function in PersonalMessage.php in Simple Machines Forum (SMF) before 2.0.15 does not properly use the possible_users variable in a query, which might allow attackers to bypass intended access restrictions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.simplemachines.org/community/index.php?topic=557176.0", + "refsource": "MISC", + "url": "https://www.simplemachines.org/community/index.php?topic=557176.0" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10338.json b/2018/10xxx/CVE-2018-10338.json index 39419cee37a..49947d50ea1 100644 --- a/2018/10xxx/CVE-2018-10338.json +++ b/2018/10xxx/CVE-2018-10338.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10338", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10338", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10806.json b/2018/10xxx/CVE-2018-10806.json index 8a86a4bb5df..aeb47ddd33e 100644 --- a/2018/10xxx/CVE-2018-10806.json +++ b/2018/10xxx/CVE-2018-10806.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10806", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10806", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/philippe/FrogCMS/issues/10", - "refsource" : "MISC", - "url" : "https://github.com/philippe/FrogCMS/issues/10" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross Site Scripting Vulnerability via the file[current_name] parameter to the admin/?/plugin/file_manager/rename URI. This can be used in conjunction with CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/philippe/FrogCMS/issues/10", + "refsource": "MISC", + "url": "https://github.com/philippe/FrogCMS/issues/10" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10909.json b/2018/10xxx/CVE-2018-10909.json index 5a19bbacbd6..290563a0e42 100644 --- a/2018/10xxx/CVE-2018-10909.json +++ b/2018/10xxx/CVE-2018-10909.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10909", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10909", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13109.json b/2018/13xxx/CVE-2018-13109.json index 039c1b15d3b..ca8da0fdb15 100644 --- a/2018/13xxx/CVE-2018-13109.json +++ b/2018/13xxx/CVE-2018-13109.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13109", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13109", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180704 SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/542119/100/0/threaded" - }, - { - "name" : "44982", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44982/" - }, - { - "name" : "20180704 SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/18" - }, - { - "name" : "http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html" - }, - { - "name" : "https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/", - "refsource" : "MISC", - "url" : "https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180704 SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/18" + }, + { + "name": "44982", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44982/" + }, + { + "name": "http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html" + }, + { + "name": "20180704 SEC Consult SA-20180704-1 :: Authorization Bypass in all ADB Broadband Gateways / Routers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/542119/100/0/threaded" + }, + { + "name": "https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/", + "refsource": "MISC", + "url": "https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13217.json b/2018/13xxx/CVE-2018-13217.json index 6b3e7c0c90e..2bd24a1a9a3 100644 --- a/2018/13xxx/CVE-2018-13217.json +++ b/2018/13xxx/CVE-2018-13217.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13217", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13217", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for CoinToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13222.json b/2018/13xxx/CVE-2018-13222.json index dcb40afafe2..f581fb2fd98 100644 --- a/2018/13xxx/CVE-2018-13222.json +++ b/2018/13xxx/CVE-2018-13222.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13222", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13222", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The sell function of a smart contract implementation for ObjectToken (OBJ), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ObjectToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13389.json b/2018/13xxx/CVE-2018-13389.json index 8e95646b1de..883084d55b9 100644 --- a/2018/13xxx/CVE-2018-13389.json +++ b/2018/13xxx/CVE-2018-13389.json @@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-07-09T00:00:00", - "ID" : "CVE-2018-13389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Confluence", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "6.6.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Content Spoofing" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-07-09T00:00:00", + "ID": "CVE-2018-13389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Confluence", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "6.6.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/CONFSERVER-54906", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/CONFSERVER-54906" - }, - { - "name" : "104755", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104755" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The attachment resource in Atlassian Confluence before version 6.6.1 allows remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of application/rdf+xml." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Content Spoofing" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/CONFSERVER-54906", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/CONFSERVER-54906" + }, + { + "name": "104755", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104755" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13836.json b/2018/13xxx/CVE-2018-13836.json index f474adb8ccb..e79fb63e745 100644 --- a/2018/13xxx/CVE-2018-13836.json +++ b/2018/13xxx/CVE-2018-13836.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13836", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13836", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md" - }, - { - "name" : "https://github.com/VenusADLab/EtherTokens/tree/master/Rocket%20Coin(XRC)", - "refsource" : "MISC", - "url" : "https://github.com/VenusADLab/EtherTokens/tree/master/Rocket%20Coin(XRC)" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VenusADLab/EtherTokens/tree/master/Rocket%20Coin(XRC)", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/tree/master/Rocket%20Coin(XRC)" + }, + { + "name": "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md", + "refsource": "MISC", + "url": "https://github.com/VenusADLab/EtherTokens/blob/master/SHARKTECH/SHARKTECH.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17075.json b/2018/17xxx/CVE-2018-17075.json index bc6236924dc..a67a8272b39 100644 --- a/2018/17xxx/CVE-2018-17075.json +++ b/2018/17xxx/CVE-2018-17075.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The html package (aka x/net/html) before 2018-07-13 in Go mishandles \"in frameset\" insertion mode, leading to a \"panic: runtime error\" for html.Parse of