diff --git a/2002/0xxx/CVE-2002-0021.json b/2002/0xxx/CVE-2002-0021.json index 90b52ca8127..30a93e13422 100644 --- a/2002/0xxx/CVE-2002-0021.json +++ b/2002/0xxx/CVE-2002-0021.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0021", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0021", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-002", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-002" - }, - { - "name" : "4045", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4045" - }, - { - "name" : "2041", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2041" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-002", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-002" + }, + { + "name": "2041", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2041" + }, + { + "name": "4045", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4045" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0613.json b/2002/0xxx/CVE-2002-0613.json index 040ef63b826..b561078d987 100644 --- a/2002/0xxx/CVE-2002-0613.json +++ b/2002/0xxx/CVE-2002-0613.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0613", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0613", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020428 dnstools: authentication bypass vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html" - }, - { - "name" : "http://www.dnstools.com/dnstools_2.0.1.tar.gz", - "refsource" : "CONFIRM", - "url" : "http://www.dnstools.com/dnstools_2.0.1.tar.gz" - }, - { - "name" : "4617", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4617" - }, - { - "name" : "dnstools-auth-bypass(8948)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8948.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dnstools-auth-bypass(8948)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8948.php" + }, + { + "name": "4617", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4617" + }, + { + "name": "http://www.dnstools.com/dnstools_2.0.1.tar.gz", + "refsource": "CONFIRM", + "url": "http://www.dnstools.com/dnstools_2.0.1.tar.gz" + }, + { + "name": "20020428 dnstools: authentication bypass vulnerability", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1633.json b/2002/1xxx/CVE-2002-1633.json index 2450838b7db..e4b7d65f714 100644 --- a/2002/1xxx/CVE-2002-1633.json +++ b/2002/1xxx/CVE-2002-1633.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020612 madcr: QnX 4.25 - multiples bof in suid/no suid files", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/276553" - }, - { - "name" : "VU#879386", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/879386" - }, - { - "name" : "5000", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5000" - }, - { - "name" : "qnx-rtos-bin-bo(9341)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9341" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in QNX 4.25 may allow local users to execute arbitrary code via long command line arguments to (1) sample, (2) ex, (3) du, (4) find, (5) lex, (6) mkdir, (7) rm, (8) serserv, (9) tcpserv, (10) termdef, (11) time, (12) unzip, (13) use, (14) wcc, (15) wcc386, (16) wd, (17) wdisasm, (18) which, (19) wlib, (20) wlink, (21) wpp, (22) wpp386, (23) wprof, (24) write, or (25) wstrip." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#879386", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/879386" + }, + { + "name": "qnx-rtos-bin-bo(9341)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9341" + }, + { + "name": "20020612 madcr: QnX 4.25 - multiples bof in suid/no suid files", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/276553" + }, + { + "name": "5000", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5000" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1868.json b/2002/1xxx/CVE-2002-1868.json index ef008073a61..0dd81e044d8 100644 --- a/2002/1xxx/CVE-2002-1868.json +++ b/2002/1xxx/CVE-2002-1868.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1868", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1868", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz&dir=&view=CHANGES", - "refsource" : "CONFIRM", - "url" : "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz&dir=&view=CHANGES" - }, - { - "name" : "5392", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5392" - }, - { - "name" : "dispair-execute-commands(9787)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9787.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "dispair-execute-commands(9787)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9787.php" + }, + { + "name": "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz&dir=&view=CHANGES", + "refsource": "CONFIRM", + "url": "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz&dir=&view=CHANGES" + }, + { + "name": "5392", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5392" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0007.json b/2003/0xxx/CVE-2003-0007.json index fabdda27a5a..f3db56b7b8e 100644 --- a/2003/0xxx/CVE-2003-0007.json +++ b/2003/0xxx/CVE-2003-0007.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka \"Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-003", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-003" - }, - { - "name" : "6667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6667" - }, - { - "name" : "outlook-v1-certificate-plaintext(11133)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11133" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka \"Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS03-003", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-003" + }, + { + "name": "outlook-v1-certificate-plaintext(11133)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11133" + }, + { + "name": "6667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6667" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0186.json b/2003/0xxx/CVE-2003-0186.json index 01222d256d5..e5d4b8493ab 100644 --- a/2003/0xxx/CVE-2003-0186.json +++ b/2003/0xxx/CVE-2003-0186.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0186", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0186", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0220.json b/2003/0xxx/CVE-2003-0220.json index 692fcfcff3b..79ca2d4a3f2 100644 --- a/2003/0xxx/CVE-2003-0220.json +++ b/2003/0xxx/CVE-2003-0220.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105155734411836&w=2" - }, - { - "name" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10", - "refsource" : "MISC", - "url" : "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10" - }, - { - "name" : "VU#454716", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/454716" - }, - { - "name" : "7180", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7180" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#454716", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/454716" + }, + { + "name": "7180", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7180" + }, + { + "name": "20030428 CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105155734411836&w=2" + }, + { + "name": "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10", + "refsource": "MISC", + "url": "http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0231.json b/2003/0xxx/CVE-2003-0231.json index a461c39ac8a..98a82472678 100644 --- a/2003/0xxx/CVE-2003-0231.json +++ b/2003/0xxx/CVE-2003-0231.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0231", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0231", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A072303-2", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2003/a072303-2.txt" - }, - { - "name" : "MS03-031", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031" - }, - { - "name" : "VU#918652", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/918652" - }, - { - "name" : "oval:org.mitre.oval:def:299", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "A072303-2", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2003/a072303-2.txt" + }, + { + "name": "oval:org.mitre.oval:def:299", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A299" + }, + { + "name": "MS03-031", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-031" + }, + { + "name": "VU#918652", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/918652" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0507.json b/2003/0xxx/CVE-2003-0507.json index 6006059d016..200512b22e4 100644 --- a/2003/0xxx/CVE-2003-0507.json +++ b/2003/0xxx/CVE-2003-0507.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0507", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) \"AND,\" (2) \"OR,\" and possibly other statements, which causes LSASS.EXE to crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0507", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030702 CORE-2003-0305-03: Active Directory Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105716669921775&w=2" - }, - { - "name" : "Q319709", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/default.aspx?kbid=319709" - }, - { - "name" : "VU#594108", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/594108" - }, - { - "name" : "7930", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7930" - }, - { - "name" : "9171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9171" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in Active Directory in Windows 2000 before SP4 allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via an LDAP version 3 search request with a large number of (1) \"AND,\" (2) \"OR,\" and possibly other statements, which causes LSASS.EXE to crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "Q319709", + "refsource": "MSKB", + "url": "http://support.microsoft.com/default.aspx?kbid=319709" + }, + { + "name": "7930", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7930" + }, + { + "name": "20030702 CORE-2003-0305-03: Active Directory Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105716669921775&w=2" + }, + { + "name": "9171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9171" + }, + { + "name": "VU#594108", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/594108" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1144.json b/2003/1xxx/CVE-2003-1144.json index e709d4642ea..340a727557b 100644 --- a/2003/1xxx/CVE-2003-1144.json +++ b/2003/1xxx/CVE-2003-1144.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031104 Liteserve Buffer Overflow in Handling Server's Log.", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343322" - }, - { - "name" : "20031103 Liteserve Buffer Overflow in Handling Server's Log", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013231.html" - }, - { - "name" : "8971", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8971" - }, - { - "name" : "2766", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/2766" - }, - { - "name" : "1008093", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008093" - }, - { - "name" : "10136", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10136" - }, - { - "name" : "liteserve-log-entry-bo(13599)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the log viewing interface in Perception LiteServe 1.25 through 2.2 allows remote attackers to execute arbitrary code via a GET request with a long file name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10136", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10136" + }, + { + "name": "1008093", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008093" + }, + { + "name": "2766", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/2766" + }, + { + "name": "20031103 Liteserve Buffer Overflow in Handling Server's Log", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-November/013231.html" + }, + { + "name": "20031104 Liteserve Buffer Overflow in Handling Server's Log.", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343322" + }, + { + "name": "8971", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8971" + }, + { + "name": "liteserve-log-entry-bo(13599)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13599" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1323.json b/2003/1xxx/CVE-2003-1323.json index 556043dc8f8..22295ac3720 100644 --- a/2003/1xxx/CVE-2003-1323.json +++ b/2003/1xxx/CVE-2003-1323.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1323", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1323", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz", - "refsource" : "CONFIRM", - "url" : "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Elm ME+ 2.4 before PL109S, when installed setgid mail and the operating system lacks POSIX saved ID support, allows local users to read and modify certain files with the privileges of the mail group via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz", + "refsource": "CONFIRM", + "url": "http://www.elmme-mailer.org/elm-2.4ME+PL109S.patch.gz" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0468.json b/2012/0xxx/CVE-2012-0468.json index a3e73584eab..124b4b94d50 100644 --- a/2012/0xxx/CVE-2012-0468.json +++ b/2012/0xxx/CVE-2012-0468.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-20.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-20.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714616", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=714616" - }, - { - "name" : "MDVSA-2012:066", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" - }, - { - "name" : "MDVSA-2012:081", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" - }, - { - "name" : "53221", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53221" - }, - { - "name" : "oval:org.mitre.oval:def:16771", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16771" - }, - { - "name" : "48972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48972" - }, - { - "name" : "49047", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49047" - }, - { - "name" : "49055", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49055" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=714616", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=714616" + }, + { + "name": "oval:org.mitre.oval:def:16771", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16771" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-20.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-20.html" + }, + { + "name": "49055", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49055" + }, + { + "name": "MDVSA-2012:081", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081" + }, + { + "name": "48972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48972" + }, + { + "name": "MDVSA-2012:066", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066" + }, + { + "name": "49047", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49047" + }, + { + "name": "53221", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53221" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0918.json b/2012/0xxx/CVE-2012-0918.json index abf4626e2b1..0f95ce993da 100644 --- a/2012/0xxx/CVE-2012-0918.json +++ b/2012/0xxx/CVE-2012-0918.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0918", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0918", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html" - }, - { - "name" : "51580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51580" - }, - { - "name" : "47612", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47612" - }, - { - "name" : "47643", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47643" - }, - { - "name" : "hitachi-cobol2002-unspec-code-exec(72558)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72558" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers to execute arbitrary code via unknown attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hitachi-cobol2002-unspec-code-exec(72558)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72558" + }, + { + "name": "47643", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47643" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-002/index.html" + }, + { + "name": "47612", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47612" + }, + { + "name": "51580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51580" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0952.json b/2012/0xxx/CVE-2012-0952.json index 15fb6ca7ca1..c43eece1b76 100644 --- a/2012/0xxx/CVE-2012-0952.json +++ b/2012/0xxx/CVE-2012-0952.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0952", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0952", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1067.json b/2012/1xxx/CVE-2012-1067.json index 55bdf6a2d99..6ea3644ea07 100644 --- a/2012/1xxx/CVE-2012-1067.json +++ b/2012/1xxx/CVE-2012-1067.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1067", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1067", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "51859", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51859" - }, - { - "name" : "78820", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78820" - }, - { - "name" : "47870", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47870" - }, - { - "name" : "wprecentcomments-index-sql-injection(72951)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "78820", + "refsource": "OSVDB", + "url": "http://osvdb.org/78820" + }, + { + "name": "47870", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47870" + }, + { + "name": "wprecentcomments-index-sql-injection(72951)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72951" + }, + { + "name": "51859", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51859" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1205.json b/2012/1xxx/CVE-2012-1205.json index 33467387ffa..d6265f96251 100644 --- a/2012/1xxx/CVE-2012-1205.json +++ b/2012/1xxx/CVE-2012-1205.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1205", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1205", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://plugins.trac.wordpress.org/changeset/504380/relocate-upload", - "refsource" : "CONFIRM", - "url" : "http://plugins.trac.wordpress.org/changeset/504380/relocate-upload" - }, - { - "name" : "http://wordpress.org/extend/plugins/relocate-upload/changelog/", - "refsource" : "CONFIRM", - "url" : "http://wordpress.org/extend/plugins/relocate-upload/changelog/" - }, - { - "name" : "49693", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/49693" - }, - { - "name" : "79250", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/79250" - }, - { - "name" : "47976", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47976" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47976", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47976" + }, + { + "name": "http://wordpress.org/extend/plugins/relocate-upload/changelog/", + "refsource": "CONFIRM", + "url": "http://wordpress.org/extend/plugins/relocate-upload/changelog/" + }, + { + "name": "79250", + "refsource": "OSVDB", + "url": "http://osvdb.org/79250" + }, + { + "name": "49693", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/49693" + }, + { + "name": "http://plugins.trac.wordpress.org/changeset/504380/relocate-upload", + "refsource": "CONFIRM", + "url": "http://plugins.trac.wordpress.org/changeset/504380/relocate-upload" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1692.json b/2012/1xxx/CVE-2012-1692.json index 7155795f064..d61157d319d 100644 --- a/2012/1xxx/CVE-2012-1692.json +++ b/2012/1xxx/CVE-2012-1692.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1692", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1692", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "https://downloads.avaya.com/css/P8/documents/100161091", - "refsource" : "CONFIRM", - "url" : "https://downloads.avaya.com/css/P8/documents/100161091" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53125", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53125" - }, - { - "name" : "1026940", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026940" - }, - { - "name" : "48809", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48809" - }, - { - "name" : "51388", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51388" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability, related to SCTP." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51388", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51388" + }, + { + "name": "53125", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53125" + }, + { + "name": "https://downloads.avaya.com/css/P8/documents/100161091", + "refsource": "CONFIRM", + "url": "https://downloads.avaya.com/css/P8/documents/100161091" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "1026940", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026940" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "48809", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48809" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1770.json b/2012/1xxx/CVE-2012-1770.json index f7d9ccfc90a..38d6775e130 100644 --- a/2012/1xxx/CVE-2012-1770.json +++ b/2012/1xxx/CVE-2012-1770.json @@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1770", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1770", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", - "refsource" : "CONFIRM", - "url" : "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" - }, - { - "name" : "http://technet.microsoft.com/security/advisory/2737111", - "refsource" : "CONFIRM", - "url" : "http://technet.microsoft.com/security/advisory/2737111" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "MS12-067", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" - }, - { - "name" : "MS12-058", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" - }, - { - "name" : "VU#118913", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/118913" - }, - { - "name" : "54541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54541" - }, - { - "name" : "oval:org.mitre.oval:def:14882", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14882" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "outsideintechnology-outside-dos(77003)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77003" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx", + "refsource": "CONFIRM", + "url": "http://blogs.technet.com/b/srd/archive/2012/07/24/more-information-on-security-advisory-2737111.aspx" + }, + { + "name": "outsideintechnology-outside-dos(77003)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77003" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "oval:org.mitre.oval:def:14882", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14882" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" + }, + { + "name": "VU#118913", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/118913" + }, + { + "name": "MS12-058", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-058" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MS12-067", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-067" + }, + { + "name": "54541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54541" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + }, + { + "name": "http://technet.microsoft.com/security/advisory/2737111", + "refsource": "CONFIRM", + "url": "http://technet.microsoft.com/security/advisory/2737111" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3748.json b/2012/3xxx/CVE-2012-3748.json index d74dfad9e15..b7aa55533f6 100644 --- a/2012/3xxx/CVE-2012-3748.json +++ b/2012/3xxx/CVE-2012-3748.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3748", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3748", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121101 APPLE-SA-2012-11-01-1 iOS 6.0.1", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html" - }, - { - "name" : "20121101 APPLE-SA-2012-11-01-2 Safari 6.0.2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0013.html" - }, - { - "name" : "http://support.apple.com/kb/HT5567", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5567" - }, - { - "name" : "http://support.apple.com/kb/HT5568", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5568" - }, - { - "name" : "http://support.apple.com/kb/HT5598", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5598" - }, - { - "name" : "http://support.apple.com/kb/HT5921", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5921" - }, - { - "name" : "APPLE-SA-2012-11-01-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-11-01-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html" - }, - { - "name" : "APPLE-SA-2013-09-12-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00003.html" - }, - { - "name" : "56362", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56362" - }, - { - "name" : "51445", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51445", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51445" + }, + { + "name": "http://support.apple.com/kb/HT5567", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5567" + }, + { + "name": "APPLE-SA-2013-09-12-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00003.html" + }, + { + "name": "APPLE-SA-2012-11-01-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00000.html" + }, + { + "name": "APPLE-SA-2012-11-01-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00001.html" + }, + { + "name": "http://support.apple.com/kb/HT5921", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5921" + }, + { + "name": "56362", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56362" + }, + { + "name": "http://support.apple.com/kb/HT5568", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5568" + }, + { + "name": "20121101 APPLE-SA-2012-11-01-1 iOS 6.0.1", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0012.html" + }, + { + "name": "20121101 APPLE-SA-2012-11-01-2 Safari 6.0.2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0013.html" + }, + { + "name": "http://support.apple.com/kb/HT5598", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5598" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3903.json b/2012/3xxx/CVE-2012-3903.json index 73d94f1e856..1d213192f91 100644 --- a/2012/3xxx/CVE-2012-3903.json +++ b/2012/3xxx/CVE-2012-3903.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3903", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3903", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4131.json b/2012/4xxx/CVE-2012-4131.json index be3c3bba6ff..de3ac81d889 100644 --- a/2012/4xxx/CVE-2012-4131.json +++ b/2012/4xxx/CVE-2012-4131.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4131", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4131", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20131219 Cisco NX-OS Arbitrary File Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4131" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20131219 Cisco NX-OS Arbitrary File Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4131" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4352.json b/2012/4xxx/CVE-2012-4352.json index b67b5be7417..b0229f49cb6 100644 --- a/2012/4xxx/CVE-2012-4352.json +++ b/2012/4xxx/CVE-2012-4352.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4352", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4352", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://infosec42.blogspot.com/2012/10/stoneware-webnetwork-61-reflective-xss.html", - "refsource" : "MISC", - "url" : "http://infosec42.blogspot.com/2012/10/stoneware-webnetwork-61-reflective-xss.html" - }, - { - "name" : "http://stoneware-docs.s3.amazonaws.com/Bulletins/Security%20Bulletin%206_1_0.pdf", - "refsource" : "CONFIRM", - "url" : "http://stoneware-docs.s3.amazonaws.com/Bulletins/Security%20Bulletin%206_1_0.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Stoneware webNetwork 6.1 before SP1 allow remote attackers to inject arbitrary web script or HTML via the blogName parameter to (1) community/blog.jsp or (2) community/blogSearch.jsp, the (3) calendarType or (4) monthNumber parameter to community/calendar.jsp, or the (5) flag parameter to swDashboard/ajax/setAppFlag.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://stoneware-docs.s3.amazonaws.com/Bulletins/Security%20Bulletin%206_1_0.pdf", + "refsource": "CONFIRM", + "url": "http://stoneware-docs.s3.amazonaws.com/Bulletins/Security%20Bulletin%206_1_0.pdf" + }, + { + "name": "http://infosec42.blogspot.com/2012/10/stoneware-webnetwork-61-reflective-xss.html", + "refsource": "MISC", + "url": "http://infosec42.blogspot.com/2012/10/stoneware-webnetwork-61-reflective-xss.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4529.json b/2012/4xxx/CVE-2012-4529.json index d09bf6feea4..9d5230697c0 100644 --- a/2012/4xxx/CVE-2012-4529.json +++ b/2012/4xxx/CVE-2012-4529.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4529", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4529", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/", - "refsource" : "MISC", - "url" : "http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/" - }, - { - "name" : "https://issues.jboss.org/browse/JBWEB-249", - "refsource" : "CONFIRM", - "url" : "https://issues.jboss.org/browse/JBWEB-249" - }, - { - "name" : "RHSA-2013:0833", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0833.html" - }, - { - "name" : "RHSA-2013:0834", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0834.html" - }, - { - "name" : "RHSA-2013:0839", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0839.html" - }, - { - "name" : "RHSA-2013:1437", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The org.apache.catalina.connector.Response.encodeURL method in Red Hat JBoss Web 7.1.x and earlier, when the tracking mode is set to COOKIE, sends the jsessionid in the URL of the first response of a session, which allows remote attackers to obtain the session id (1) via a man-in-the-middle attack or (2) by reading a log." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2013:0839", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0839.html" + }, + { + "name": "RHSA-2013:0833", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html" + }, + { + "name": "RHSA-2013:1437", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html" + }, + { + "name": "http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/", + "refsource": "MISC", + "url": "http://ocpsoft.org/support/topic/session-id-is-appended-as-url-path-parameter-in-very-first-request/" + }, + { + "name": "https://issues.jboss.org/browse/JBWEB-249", + "refsource": "CONFIRM", + "url": "https://issues.jboss.org/browse/JBWEB-249" + }, + { + "name": "RHSA-2013:0834", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0834.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4681.json b/2012/4xxx/CVE-2012-4681.json index cf5ccfa7601..6e4769157fa 100644 --- a/2012/4xxx/CVE-2012-4681.json +++ b/2012/4xxx/CVE-2012-4681.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4681", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using \"reflection with a trusted immediate caller\" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4681", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html", - "refsource" : "MISC", - "url" : "http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html" - }, - { - "name" : "http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/", - "refsource" : "MISC", - "url" : "http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/" - }, - { - "name" : "https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day", - "refsource" : "MISC", - "url" : "https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day" - }, - { - "name" : "http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html", - "refsource" : "MISC", - "url" : "http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html" - }, - { - "name" : "http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html", - "refsource" : "MISC", - "url" : "http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html" - }, - { - "name" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html" - }, - { - "name" : "HPSBUX02824", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135109152819176&w=2" - }, - { - "name" : "SSRT100970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135109152819176&w=2" - }, - { - "name" : "RHSA-2012:1225", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1225.html" - }, - { - "name" : "SUSE-SU-2012:1231", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "TA12-240A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-240A.html" - }, - { - "name" : "55213", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55213" - }, - { - "name" : "51044", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51044" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.finder.ClassFinder.findClass and leveraging an exception with the forName method to access restricted classes from arbitrary packages such as sun.awt.SunToolkit, then (2) using \"reflection with a trusted immediate caller\" to leverage the getField method to access and modify private fields, as exploited in the wild in August 2012 using Gondzz.class and Gondvv.class." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html", + "refsource": "MISC", + "url": "http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html" + }, + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "SUSE-SU-2012:1231", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" + }, + { + "name": "TA12-240A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-240A.html" + }, + { + "name": "http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/", + "refsource": "MISC", + "url": "http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/" + }, + { + "name": "SSRT100970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135109152819176&w=2" + }, + { + "name": "https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day", + "refsource": "MISC", + "url": "https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day" + }, + { + "name": "http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html", + "refsource": "MISC", + "url": "http://www.deependresearch.org/2012/08/java-7-vulnerability-analysis.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2012-4681-1835715.html" + }, + { + "name": "RHSA-2012:1225", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1225.html" + }, + { + "name": "http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html", + "refsource": "MISC", + "url": "http://immunityproducts.blogspot.com/2012/08/java-0day-analysis-cve-2012-4681.html" + }, + { + "name": "51044", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51044" + }, + { + "name": "HPSBUX02824", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135109152819176&w=2" + }, + { + "name": "55213", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55213" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2024.json b/2017/2xxx/CVE-2017-2024.json index a5d4d3bcdc2..22cba76e12b 100644 --- a/2017/2xxx/CVE-2017-2024.json +++ b/2017/2xxx/CVE-2017-2024.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2024", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2024", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2119.json b/2017/2xxx/CVE-2017-2119.json index 89d2134a965..2980547e2a9 100644 --- a/2017/2xxx/CVE-2017-2119.json +++ b/2017/2xxx/CVE-2017-2119.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2119", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "WBCE CMS", - "version" : { - "version_data" : [ - { - "version_value" : "1.1.10 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "WBCE Team" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory traversal" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2119", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "WBCE CMS", + "version": { + "version_data": [ + { + "version_value": "1.1.10 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "WBCE Team" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://forum.wbce.org/viewtopic.php?id=977", - "refsource" : "MISC", - "url" : "https://forum.wbce.org/viewtopic.php?id=977" - }, - { - "name" : "JVN#73083905", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN73083905/index.html" - }, - { - "name" : "96467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96467" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier allows remote attackers to read arbitrary files via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#73083905", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN73083905/index.html" + }, + { + "name": "96467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96467" + }, + { + "name": "https://forum.wbce.org/viewtopic.php?id=977", + "refsource": "MISC", + "url": "https://forum.wbce.org/viewtopic.php?id=977" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2432.json b/2017/2xxx/CVE-2017-2432.json index d32b1416804..dc4fe05b958 100644 --- a/2017/2xxx/CVE-2017-2432.json +++ b/2017/2xxx/CVE-2017-2432.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2432", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2432", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2688.json b/2017/2xxx/CVE-2017-2688.json index 864c56d8835..9c371b196a4 100644 --- a/2017/2xxx/CVE-2017-2688.json +++ b/2017/2xxx/CVE-2017-2688.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "productcert@siemens.com", - "ID" : "CVE-2017-2688", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "RUGGEDCOM ROX I All versions", - "version" : { - "version_data" : [ - { - "version_value" : "RUGGEDCOM ROX I All versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-352: Cross-Site Request Forgery (CSRF)" - } + "CVE_data_meta": { + "ASSIGNER": "productcert@siemens.com", + "ID": "CVE-2017-2688", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "RUGGEDCOM ROX I All versions", + "version": { + "version_data": [ + { + "version_value": "RUGGEDCOM ROX I All versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01" - }, - { - "name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf", - "refsource" : "CONFIRM", - "url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf" - }, - { - "name" : "97170", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97170" - }, - { - "name" : "1038160", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow remote attackers to perform actions with the privileges of an authenticated user, provided the targeted user has an active session and is induced into clicking on a malicious link or into visiting a malicious website, aka CSRF." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-352: Cross-Site Request Forgery (CSRF)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97170", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97170" + }, + { + "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf", + "refsource": "CONFIRM", + "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-327980.pdf" + }, + { + "name": "1038160", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038160" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-087-01" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3105.json b/2017/3xxx/CVE-2017-3105.json index 26469ebb5da..05abb24aa26 100644 --- a/2017/3xxx/CVE-2017-3105.json +++ b/2017/3xxx/CVE-2017-3105.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3105", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe RoboHelp RH2017.0.1 and earlier versions", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe RoboHelp RH2017.0.1 and earlier versions" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3105", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe RoboHelp RH2017.0.1 and earlier versions", + "version": { + "version_data": [ + { + "version_value": "Adobe RoboHelp RH2017.0.1 and earlier versions" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html" - }, - { - "name" : "100709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100709" - }, - { - "name" : "1039319", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039319" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe RoboHelp has an Open Redirect vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100709" + }, + { + "name": "1039319", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039319" + }, + { + "name": "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/robohelp/apsb17-25.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3775.json b/2017/3xxx/CVE-2017-3775.json index a94e8fc1da1..1ad688698b1 100644 --- a/2017/3xxx/CVE-2017-3775.json +++ b/2017/3xxx/CVE-2017-3775.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@lenovo.com", - "DATE_PUBLIC" : "2018-05-03T00:00:00", - "ID" : "CVE-2017-3775", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Some Lenovo Flex System and Lenovo System x products", - "version" : { - "version_data" : [ - { - "version_value" : "Affected BIOS version varies by product" - } - ] - } - } - ] - }, - "vendor_name" : "Lenovo Group Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Booting unauthenticated code" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@lenovo.com", + "DATE_PUBLIC": "2018-05-03T00:00:00", + "ID": "CVE-2017-3775", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Some Lenovo Flex System and Lenovo System x products", + "version": { + "version_data": [ + { + "version_value": "Affected BIOS version varies by product" + } + ] + } + } + ] + }, + "vendor_name": "Lenovo Group Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.lenovo.com/us/en/solutions/LEN-20241", - "refsource" : "CONFIRM", - "url" : "https://support.lenovo.com/us/en/solutions/LEN-20241" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Booting unauthenticated code" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.lenovo.com/us/en/solutions/LEN-20241", + "refsource": "CONFIRM", + "url": "https://support.lenovo.com/us/en/solutions/LEN-20241" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6232.json b/2017/6xxx/CVE-2017-6232.json index 0ec8d353c89..ad5b5e60846 100644 --- a/2017/6xxx/CVE-2017-6232.json +++ b/2017/6xxx/CVE-2017-6232.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6232", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6232", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6243.json b/2017/6xxx/CVE-2017-6243.json index a40f04f3862..accea5d82db 100644 --- a/2017/6xxx/CVE-2017-6243.json +++ b/2017/6xxx/CVE-2017-6243.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6243", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6243", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6356.json b/2017/6xxx/CVE-2017-6356.json index f282dcbd6b6..aca9e3c1681 100644 --- a/2017/6xxx/CVE-2017-6356.json +++ b/2017/6xxx/CVE-2017-6356.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6356", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6356", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/76", - "refsource" : "CONFIRM", - "url" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/76" - }, - { - "name" : "96925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96925" + }, + { + "name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/76", + "refsource": "CONFIRM", + "url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/76" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6553.json b/2017/6xxx/CVE-2017-6553.json index 11b92ce315b..6193d132242 100644 --- a/2017/6xxx/CVE-2017-6553.json +++ b/2017/6xxx/CVE-2017-6553.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6553", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6553", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "42010", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/42010/" - }, - { - "name" : "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/", - "refsource" : "MISC", - "url" : "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/" - }, - { - "name" : "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824", - "refsource" : "MISC", - "url" : "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/", + "refsource": "MISC", + "url": "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/" + }, + { + "name": "42010", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/42010/" + }, + { + "name": "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824", + "refsource": "MISC", + "url": "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7100.json b/2017/7xxx/CVE-2017-7100.json index 4f5cd3ab37a..04ebc3c2a52 100644 --- a/2017/7xxx/CVE-2017-7100.json +++ b/2017/7xxx/CVE-2017-7100.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7100", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7100", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "100995", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100995" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "100995", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100995" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7319.json b/2017/7xxx/CVE-2017-7319.json index 78b39eac0a1..860f0e54feb 100644 --- a/2017/7xxx/CVE-2017-7319.json +++ b/2017/7xxx/CVE-2017-7319.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7319", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-7319", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7347.json b/2017/7xxx/CVE-2017-7347.json index 5a6db5cfca8..aba55ac972a 100644 --- a/2017/7xxx/CVE-2017-7347.json +++ b/2017/7xxx/CVE-2017-7347.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7347", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7347", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10081.json b/2018/10xxx/CVE-2018-10081.json index 9255dafff50..e5671c20411 100644 --- a/2018/10xxx/CVE-2018-10081.json +++ b/2018/10xxx/CVE-2018-10081.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10081", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the \"0e\" substring." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10081", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/itodaro/cve/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/itodaro/cve/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the \"0e\" substring." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/itodaro/cve/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/itodaro/cve/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10870.json b/2018/10xxx/CVE-2018-10870.json index 157436c5a9c..d8133a173b5 100644 --- a/2018/10xxx/CVE-2018-10870.json +++ b/2018/10xxx/CVE-2018-10870.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10870", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rhcertstore.py", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "redhat-certification" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10870", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rhcertstore.py", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "redhat-certification" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870" - }, - { - "name" : "RHSA-2018:2373", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2373" - }, - { - "name" : "104857", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104857" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "redhat-certification does not properly sanitize paths in rhcertStore.py:__saveResultsFile. A remote attacker could use this flaw to overwrite any file, potentially gaining remote code execution." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10870" + }, + { + "name": "RHSA-2018:2373", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2373" + }, + { + "name": "104857", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104857" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10906.json b/2018/10xxx/CVE-2018-10906.json index 8d5fc724def..517218f9cec 100644 --- a/2018/10xxx/CVE-2018-10906.json +++ b/2018/10xxx/CVE-2018-10906.json @@ -1,95 +1,95 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "fuse", - "version" : { - "version_data" : [ - { - "version_value" : "fuse 2.9.8" - }, - { - "version_value" : "fuse 3.2.5" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-285" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "fuse", + "version": { + "version_data": [ + { + "version_value": "fuse 2.9.8" + }, + { + "version_value": "fuse 3.2.5" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45106", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45106/" - }, - { - "name" : "[debian-lts-announce] 20180815 [SECURITY] [DLA 1468-1] fuse security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906" - }, - { - "name" : "DSA-4257", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4257" - }, - { - "name" : "RHSA-2018:3324", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3324" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system, accessible by other users, and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-285" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10906" + }, + { + "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1468-1] fuse security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00015.html" + }, + { + "name": "DSA-4257", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4257" + }, + { + "name": "45106", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45106/" + }, + { + "name": "RHSA-2018:3324", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3324" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14013.json b/2018/14xxx/CVE-2018-14013.json index 8f615b26069..677059d1d58 100644 --- a/2018/14xxx/CVE-2018-14013.json +++ b/2018/14xxx/CVE-2018-14013.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14013", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14013", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14692.json b/2018/14xxx/CVE-2018-14692.json index 3e7e466d485..3635573ec01 100644 --- a/2018/14xxx/CVE-2018-14692.json +++ b/2018/14xxx/CVE-2018-14692.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14692", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14692", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14927.json b/2018/14xxx/CVE-2018-14927.json index 58003ce351f..673431d992b 100644 --- a/2018/14xxx/CVE-2018-14927.json +++ b/2018/14xxx/CVE-2018-14927.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9", - "refsource" : "MISC", - "url" : "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to /contingency/web/receiptQuery/receiptDisplay.jsp." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9", + "refsource": "MISC", + "url": "https://medium.com/stolabs/security-issues-on-matera-systems-fba14d207dc9" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14999.json b/2018/14xxx/CVE-2018-14999.json index 04238b52226..f5267e2e18f 100644 --- a/2018/14xxx/CVE-2018-14999.json +++ b/2018/14xxx/CVE-2018-14999.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14999", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14999", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17766.json b/2018/17xxx/CVE-2018-17766.json index c09aecc78ec..759bdf23f35 100644 --- a/2018/17xxx/CVE-2018-17766.json +++ b/2018/17xxx/CVE-2018-17766.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17766", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17766", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17799.json b/2018/17xxx/CVE-2018-17799.json index fb8b8dcfa83..1df505a7f2c 100644 --- a/2018/17xxx/CVE-2018-17799.json +++ b/2018/17xxx/CVE-2018-17799.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17799", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17799", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20016.json b/2018/20xxx/CVE-2018-20016.json index 2ff52c92d0b..300093ca331 100644 --- a/2018/20xxx/CVE-2018-20016.json +++ b/2018/20xxx/CVE-2018-20016.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20016", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20016", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20538.json b/2018/20xxx/CVE-2018-20538.json index aee8dc06209..e58af995df4 100644 --- a/2018/20xxx/CVE-2018-20538.json +++ b/2018/20xxx/CVE-2018-20538.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20538", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20538", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", - "refsource" : "MISC", - "url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392531", + "refsource": "MISC", + "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392531" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20736.json b/2018/20xxx/CVE-2018-20736.json index 4d0551ed5b2..0bbd0da7b13 100644 --- a/2018/20xxx/CVE-2018-20736.json +++ b/2018/20xxx/CVE-2018-20736.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20736", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20736", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9027.json b/2018/9xxx/CVE-2018-9027.json index f909e84653b..65f878a801b 100644 --- a/2018/9xxx/CVE-2018-9027.json +++ b/2018/9xxx/CVE-2018-9027.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vuln@ca.com", - "DATE_PUBLIC" : "2018-06-14T00:00:00", - "ID" : "CVE-2018-9027", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "CA Privileged Access Manager", - "version" : { - "version_data" : [ - { - "version_value" : "2.x" - } - ] - } - } - ] - }, - "vendor_name" : "CA Technologies" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting" - } + "CVE_data_meta": { + "ASSIGNER": "vuln@ca.com", + "DATE_PUBLIC": "2018-06-14T00:00:00", + "ID": "CVE-2018-9027", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "CA Privileged Access Manager", + "version": { + "version_data": [ + { + "version_value": "2.x" + } + ] + } + } + ] + }, + "vendor_name": "CA Technologies" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" - }, - { - "name" : "104496", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104496" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104496", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104496" + }, + { + "name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", + "refsource": "CONFIRM", + "url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9521.json b/2018/9xxx/CVE-2018-9521.json index 088714a7bc9..c56dc662cd1 100644 --- a/2018/9xxx/CVE-2018-9521.json +++ b/2018/9xxx/CVE-2018-9521.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote code execution" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - }, - { - "name" : "105865", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105865" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-111874331" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote code execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105865", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105865" + }, + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9692.json b/2018/9xxx/CVE-2018-9692.json index cdb0d47b3e0..024d21b0331 100644 --- a/2018/9xxx/CVE-2018-9692.json +++ b/2018/9xxx/CVE-2018-9692.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9692", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9692", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9863.json b/2018/9xxx/CVE-2018-9863.json index 6d08adf0986..795695f2f25 100644 --- a/2018/9xxx/CVE-2018-9863.json +++ b/2018/9xxx/CVE-2018-9863.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9863", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9863", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9883.json b/2018/9xxx/CVE-2018-9883.json index 1471c616485..29bdfe88d16 100644 --- a/2018/9xxx/CVE-2018-9883.json +++ b/2018/9xxx/CVE-2018-9883.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9883", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9883", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9920.json b/2018/9xxx/CVE-2018-9920.json index dd88059170e..0c3106f3f8a 100644 --- a/2018/9xxx/CVE-2018-9920.json +++ b/2018/9xxx/CVE-2018-9920.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9920", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9920", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180522 K2 smartforms runtime application - 4.6.11 SSRF", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/542035/100/0/threaded" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Server side request forgery exists in the runtime application in K2 smartforms 4.6.11 via a modified hostname in an https://*/Identity/STS/Forms/Scripts URL." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180522 K2 smartforms runtime application - 4.6.11 SSRF", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/542035/100/0/threaded" + } + ] + } +} \ No newline at end of file