From 41ea433c8dfab22dcd80687177d929ad7962a5fb Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 03:06:48 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0258.json | 120 ++++++-------
2002/0xxx/CVE-2002-0273.json | 140 +++++++--------
2002/0xxx/CVE-2002-0342.json | 140 +++++++--------
2002/1xxx/CVE-2002-1224.json | 170 +++++++++----------
2002/1xxx/CVE-2002-1389.json | 140 +++++++--------
2002/2xxx/CVE-2002-2170.json | 140 +++++++--------
2002/2xxx/CVE-2002-2313.json | 130 +++++++-------
2003/0xxx/CVE-2003-0085.json | 300 ++++++++++++++++-----------------
2003/0xxx/CVE-2003-0934.json | 130 +++++++-------
2005/1xxx/CVE-2005-1233.json | 190 ++++++++++-----------
2005/1xxx/CVE-2005-1998.json | 160 +++++++++---------
2009/1xxx/CVE-2009-1291.json | 230 ++++++++++++-------------
2009/1xxx/CVE-2009-1971.json | 160 +++++++++---------
2012/0xxx/CVE-2012-0130.json | 160 +++++++++---------
2012/0xxx/CVE-2012-0340.json | 130 +++++++-------
2012/0xxx/CVE-2012-0437.json | 34 ++--
2012/3xxx/CVE-2012-3209.json | 140 +++++++--------
2012/3xxx/CVE-2012-3379.json | 34 ++--
2012/3xxx/CVE-2012-3579.json | 150 ++++++++---------
2012/3xxx/CVE-2012-3793.json | 180 ++++++++++----------
2012/4xxx/CVE-2012-4110.json | 120 ++++++-------
2012/4xxx/CVE-2012-4445.json | 230 ++++++++++++-------------
2012/4xxx/CVE-2012-4570.json | 150 ++++++++---------
2012/4xxx/CVE-2012-4797.json | 34 ++--
2012/6xxx/CVE-2012-6049.json | 140 +++++++--------
2017/2xxx/CVE-2017-2208.json | 130 +++++++-------
2017/2xxx/CVE-2017-2415.json | 180 ++++++++++----------
2017/2xxx/CVE-2017-2959.json | 150 ++++++++---------
2017/6xxx/CVE-2017-6058.json | 180 ++++++++++----------
2017/6xxx/CVE-2017-6373.json | 34 ++--
2017/6xxx/CVE-2017-6498.json | 160 +++++++++---------
2017/6xxx/CVE-2017-6619.json | 130 +++++++-------
2017/6xxx/CVE-2017-6942.json | 34 ++--
2017/6xxx/CVE-2017-6946.json | 34 ++--
2017/7xxx/CVE-2017-7248.json | 140 +++++++--------
2017/7xxx/CVE-2017-7670.json | 128 +++++++-------
2017/7xxx/CVE-2017-7940.json | 130 +++++++-------
2018/10xxx/CVE-2018-10197.json | 120 ++++++-------
2018/10xxx/CVE-2018-10647.json | 120 ++++++-------
2018/10xxx/CVE-2018-10742.json | 34 ++--
2018/14xxx/CVE-2018-14089.json | 120 ++++++-------
2018/14xxx/CVE-2018-14212.json | 34 ++--
2018/14xxx/CVE-2018-14568.json | 150 ++++++++---------
2018/14xxx/CVE-2018-14687.json | 34 ++--
2018/14xxx/CVE-2018-14826.json | 132 +++++++--------
2018/15xxx/CVE-2018-15392.json | 154 ++++++++---------
2018/15xxx/CVE-2018-15749.json | 120 ++++++-------
2018/20xxx/CVE-2018-20052.json | 34 ++--
2018/9xxx/CVE-2018-9230.json | 130 +++++++-------
2018/9xxx/CVE-2018-9310.json | 120 ++++++-------
2018/9xxx/CVE-2018-9337.json | 140 +++++++--------
2018/9xxx/CVE-2018-9688.json | 34 ++--
52 files changed, 3279 insertions(+), 3279 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0258.json b/2002/0xxx/CVE-2002-0258.json
index 30c8164ff59..5285dc98e81 100644
--- a/2002/0xxx/CVE-2002-0258.json
+++ b/2002/0xxx/CVE-2002-0258.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0258", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0258", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020209 Security Issue in Icewarp", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101328887821909&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020209 Security Issue in Icewarp", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101328887821909&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0273.json b/2002/0xxx/CVE-2002-0273.json index a1766bb2bb8..29db16dc04c 100644 --- a/2002/0xxx/CVE-2002-0273.json +++ b/2002/0xxx/CVE-2002-0273.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0273", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0273", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020213 NetWin CWMail.exe Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101362100602008&w=2" - }, - { - "name" : "4093", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4093" - }, - { - "name" : "cwmail-item-bo(8185)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8185.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020213 NetWin CWMail.exe Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101362100602008&w=2" + }, + { + "name": "cwmail-item-bo(8185)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8185.php" + }, + { + "name": "4093", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4093" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0342.json b/2002/0xxx/CVE-2002-0342.json index 9d8d4d39f8d..03ee13c636d 100644 --- a/2002/0xxx/CVE-2002-0342.json +++ b/2002/0xxx/CVE-2002-0342.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0342", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0342", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020226 BUG: Kmail client DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101475683425671&w=2" - }, - { - "name" : "kmail-message-body-dos(8283)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8283.php" - }, - { - "name" : "4177", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4177" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service (crash) via an email message whose body is approximately 55 K long." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020226 BUG: Kmail client DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101475683425671&w=2" + }, + { + "name": "kmail-message-body-dos(8283)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8283.php" + }, + { + "name": "4177", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4177" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1224.json b/2002/1xxx/CVE-2002-1224.json index f78631a02bf..2196b1a080b 100644 --- a/2002/1xxx/CVE-2002-1224.json +++ b/2002/1xxx/CVE-2002-1224.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1224", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1224", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.kde.org/info/security/advisory-20021008-2.txt", - "refsource" : "CONFIRM", - "url" : "http://www.kde.org/info/security/advisory-20021008-2.txt" - }, - { - "name" : "RHSA-2002:220", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" - }, - { - "name" : "20021009 KDE Security Advisory: kpf Directory traversal", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html" - }, - { - "name" : "20021011 Security hole in kpf - KDE personal fileserver.", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294991" - }, - { - "name" : "kpf-icon-view-files(10347)", - "refsource" : "XF", - "url" : 
"http://www.iss.net/security_center/static/10347.php" - }, - { - "name" : "5951", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2002:220", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html" + }, + { + "name": "http://www.kde.org/info/security/advisory-20021008-2.txt", + "refsource": "CONFIRM", + "url": "http://www.kde.org/info/security/advisory-20021008-2.txt" + }, + { + "name": "20021009 KDE Security Advisory: kpf Directory traversal", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html" + }, + { + "name": "5951", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5951" + }, + { + "name": "20021011 Security hole in kpf - KDE personal fileserver.", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294991" + }, + { + "name": "kpf-icon-view-files(10347)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10347.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1389.json b/2002/1xxx/CVE-2002-1389.json index 9ab5cd51301..9b08bc1c6a1 100644 --- a/2002/1xxx/CVE-2002-1389.json +++ b/2002/1xxx/CVE-2002-1389.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1389", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1389", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-217", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-217" - }, - { - "name" : "6485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6485" - }, - { - "name" : "typespeed-command-line-bo(10936)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10936" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "typespeed-command-line-bo(10936)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10936" + }, + { + "name": "6485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6485" + }, + { + "name": "DSA-217", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-217" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2170.json b/2002/2xxx/CVE-2002-2170.json index cf31ac9eef4..78374294b65 100644 --- a/2002/2xxx/CVE-2002-2170.json +++ b/2002/2xxx/CVE-2002-2170.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020720 BadBlue - Unauthorized Administrative Command Execution", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/283418" - }, - { - "name" : "5276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5276" - }, - { - "name" : "badblue-unauth-admin-access(9642)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9642.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5276" + }, + { + "name": "20020720 BadBlue - Unauthorized Administrative Command Execution", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/283418" + }, + { + "name": "badblue-unauth-admin-access(9642)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9642.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2313.json b/2002/2xxx/CVE-2002-2313.json index 2f665f0cf8c..441a13e1326 100644 --- a/2002/2xxx/CVE-2002-2313.json +++ b/2002/2xxx/CVE-2002-2313.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2313", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Eudora email client 5.1.1, with \"use Microsoft viewer\" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2313", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020724 REFRESH: EUDORA MAIL 5.1.1", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000644.html" - }, - { - "name" : "eudora-mhtml-execute-files(9654)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9654.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Eudora email client 5.1.1, with \"use Microsoft viewer\" enabled, allows remote attackers to execute arbitrary programs via an HTML email 
message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program, which is processed by Internet Explorer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020724 REFRESH: EUDORA MAIL 5.1.1", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000644.html" + }, + { + "name": "eudora-mhtml-execute-files(9654)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9654.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0085.json b/2003/0xxx/CVE-2003-0085.json index 194351c2a06..0a6fa50e791 100644 --- a/2003/0xxx/CVE-2003-0085.json +++ b/2003/0xxx/CVE-2003-0085.json 
@@ -1,152 +1,152 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0085", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0085", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030317 Security Bugfix for Samba - Samba 2.2.8 Released", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104792723017768&w=2" - }, - { - "name" : "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded" - }, - { - "name" : "20030401 Immunix Secured OS 7+ samba update", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/317145/30/25220/threaded" - }, - { - "name" : "APPLE-SA-2003-03-24", - "refsource" : "APPLE", - "url" : "http://www.securityfocus.com/archive/1/316165/30/25370/threaded" - }, - { - "name" : "DSA-262", - "refsource" : "DEBIAN", - "url" : 
"http://www.debian.org/security/2003/dsa-262" - }, - { - "name" : "GLSA-200303-11", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml" - }, - { - "name" : "IMNX-2003-7+-003-01", - "refsource" : "IMMUNIX", - "url" : "http://www.securityfocus.com/archive/1/317145/30/25220/threaded" - }, - { - "name" : "MDKSA-2003:032", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032" - }, - { - "name" : "RHSA-2003:095", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-095.html" - }, - { - "name" : "RHSA-2003:096", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-096.html" - }, - { - "name" : "SuSE-SA:2003:016", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_016_samba.html" - }, - { - "name" : "20030302-01-I", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I" - }, - { - "name" : "20030317 GLSA: samba (200303-11)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104792646416629&w=2" - }, - { - "name" : "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104801012929374&w=2" - }, - { - "name" : "VU#298233", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/298233" - }, - { - "name" : "7106", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7106" - }, - { - "name" : "oval:org.mitre.oval:def:552", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552" - }, - { - "name" : "8299", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8299" - }, - { - "name" : "8303", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8303" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": 
"CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030317 Security Bugfix for Samba - Samba 2.2.8 Released", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104792723017768&w=2" + }, + { + "name": "20030317 GLSA: samba (200303-11)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104792646416629&w=2" + }, + { + "name": "GLSA-200303-11", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-200303-11.xml" + }, + { + "name": "20030325 Fwd: APPLE-SA-2003-03-24 Samba, OpenSSL", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded" + }, + { + "name": "APPLE-SA-2003-03-24", + "refsource": "APPLE", + "url": "http://www.securityfocus.com/archive/1/316165/30/25370/threaded" + }, + { + "name": "RHSA-2003:096", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-096.html" + }, + { + "name": "oval:org.mitre.oval:def:552", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A552" + }, + { + "name": "20030318 [OpenPKG-SA-2003.021] OpenPKG Security Advisory (samba)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104801012929374&w=2" + }, + { + "name": "7106", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7106" + }, + { + "name": "RHSA-2003:095", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-095.html" + }, + { + "name": "VU#298233", + "refsource": "CERT-VN", + "url": 
"http://www.kb.cert.org/vuls/id/298233" + }, + { + "name": "SuSE-SA:2003:016", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_016_samba.html" + }, + { + "name": "MDKSA-2003:032", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:032" + }, + { + "name": "IMNX-2003-7+-003-01", + "refsource": "IMMUNIX", + "url": "http://www.securityfocus.com/archive/1/317145/30/25220/threaded" + }, + { + "name": "DSA-262", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-262" + }, + { + "name": "20030401 Immunix Secured OS 7+ samba update", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/317145/30/25220/threaded" + }, + { + "name": "8303", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8303" + }, + { + "name": "20030302-01-I", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I" + }, + { + "name": "8299", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8299" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0934.json b/2003/0xxx/CVE-2003-0934.json index 3db34ff8ad7..98b6cf0b39f 100644 --- a/2003/0xxx/CVE-2003-0934.json +++ b/2003/0xxx/CVE-2003-0934.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0934", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0934", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031110 Symbol Technologies Default WEP KEYS Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106850011513880&w=2" - }, - { - "name" : "http://www.secnap.net/security/031106.html", - "refsource" : "MISC", - "url" : "http://www.secnap.net/security/031106.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.secnap.net/security/031106.html", + "refsource": "MISC", + "url": "http://www.secnap.net/security/031106.html" + }, + { + "name": "20031110 Symbol Technologies Default WEP KEYS Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106850011513880&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1233.json b/2005/1xxx/CVE-2005-1233.json index 4be90290539..4ed107b9f6e 100644 --- a/2005/1xxx/CVE-2005-1233.json +++ b/2005/1xxx/CVE-2005-1233.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1233", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1233", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.snkenjoi.com/secadv/secadv7.txt", - "refsource" : "MISC", - "url" : "http://www.snkenjoi.com/secadv/secadv7.txt" - }, - { - "name" : "13276", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13276" - }, - { - "name" : "13282", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13282" - }, - { - "name" : "ADV-2005-0370", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2005/0370" - }, - { - "name" : "15697", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/15697" - }, - { - "name" : "1013756", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1013756" - }, - { - "name" : "15027", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/15027" - }, - { - "name" : "profile-indexphp-xss(20169)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2005-0370", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2005/0370" + }, + { + "name": "13276", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13276" + }, + { + "name": "13282", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13282" + }, + { + "name": "http://www.snkenjoi.com/secadv/secadv7.txt", + "refsource": "MISC", + "url": "http://www.snkenjoi.com/secadv/secadv7.txt" + }, + { + "name": "1013756", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1013756" + }, + { + "name": "15027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15027" + }, + { + "name": "profile-indexphp-xss(20169)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20169" + }, + { + "name": "15697", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/15697" + } + ] + } +} \ No newline at end of file diff --git a/2005/1xxx/CVE-2005-1998.json b/2005/1xxx/CVE-2005-1998.json index 6e0f5add443..bf3625b9c50 100644 --- a/2005/1xxx/CVE-2005-1998.json +++ b/2005/1xxx/CVE-2005-1998.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2005-1998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2005-1998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20050615 Vulnerability: McGallery v 1.1 files reading on disk", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=111885505600482&w=2" - }, - { - "name" : "13963", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13963" - }, - { - "name" : "17343", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/17343" - }, - { - "name" : "1014215", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1014215" - }, - { - "name" : "15727", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/15727" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in 
admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20050615 Vulnerability: McGallery v 1.1 files reading on disk", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=111885505600482&w=2" + }, + { + "name": "17343", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/17343" + }, + { + "name": "1014215", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1014215" + }, + { + "name": "13963", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13963" + }, + { + "name": "15727", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/15727" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1291.json b/2009/1xxx/CVE-2009-1291.json index 6e5f3cdd2bf..0b40dd19ef3 100644 --- a/2009/1xxx/CVE-2009-1291.json +++ b/2009/1xxx/CVE-2009-1291.json 
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1291", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via \"inbound data,\" as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-1291", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability", - "refsource" : "IDEFENSE", - "url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785" - }, - { - "name" : "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html", - "refsource" : "MISC", - "url" : "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html" - }, - { - "name" : "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt" - }, - { - "name" : "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt" - }, - { - "name" : "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/default.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/default.jsp" - }, - { - "name" : "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp", - "refsource" : "CONFIRM", - "url" : "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp" - }, - { - 
"name" : "34754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34754" - }, - { - "name" : "1022129", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1022129" - }, - { - "name" : "34911", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/34911" - }, - { - "name" : "ADV-2009-1198", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2009/1198" - }, - { - "name" : "smartsockets-udp-bo(50214)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via \"inbound data,\" as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/security_advisory_rtworks_tcm8-7559.txt" + }, + { + "name": "http://www.tibco.com/services/support/advisories/default.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/default.jsp" + }, + { + "name": "1022129", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1022129" + }, + { + "name": "34754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34754" + }, + { + "name": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/security_advisory_smartsockets_tcm8-7560.txt" + }, + { + "name": "20090428 TIBCO SmartSockets Stack Buffer Overflow Vulnerability", + "refsource": "IDEFENSE", + "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=785" + }, + { + "name": "smartsockets-udp-bo(50214)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50214" + }, + { + "name": "ADV-2009-1198", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2009/1198" + }, + { + "name": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html", + "refsource": "MISC", + "url": "http://www.harmonysecurity.com/blog/2009/04/tibco-smartsockets-stack-buffer.html" + }, + { + "name": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/services/support/advisories/smartsockets-sspfm-ems_advisory_20090428.jsp" + }, + { + "name": "34911", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/34911" 
+ }, + { + "name": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt", + "refsource": "CONFIRM", + "url": "http://www.tibco.com/multimedia/security_advisory_ems_tcm8-7558.txt" + } + ] + } +} \ No newline at end of file diff --git a/2009/1xxx/CVE-2009-1971.json b/2009/1xxx/CVE-2009-1971.json index d94fff389fa..16fae1a0fed 100644 --- a/2009/1xxx/CVE-2009-1971.json +++ b/2009/1xxx/CVE-2009-1971.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-1971", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2009-1971", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" - }, - { - "name" : "TA09-294A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" - }, - { - "name" : "36754", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/36754" - }, - { - "name" : "1023057", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1023057" - }, - { - "name" : "37027", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/37027" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "36754", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/36754" + }, + { + "name": "37027", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/37027" + }, + { + "name": "1023057", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1023057" + }, + { + "name": "TA09-294A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0130.json b/2012/0xxx/CVE-2012-0130.json index 6d41afa948e..28d8bcd77ad 100644 --- a/2012/0xxx/CVE-2012-0130.json +++ b/2012/0xxx/CVE-2012-0130.json 
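Review bot: The `affects` block on the new side of CVE-2009-1971 still carries `"vendor_name": "n/a"`, `"product_name": "n/a"` and `"version_value": "n/a"`, although the description names Oracle Database 10.1.0.5, 10.2.0.3 and 11.1.0.7 and this sync changes `ASSIGNER` to `secalert_us@oracle.com`. Tooling that matches an asset inventory against the structured fields will not tie this record to any product, so consumers are left parsing the free-text description. Populating the fields from the description (for example `"vendor_name": "Oracle"`) would close that gap. The same applies to the CVE-2012-0130, CVE-2012-0340 and CVE-2012-3209 hunks, where `ASSIGNER` also moves from `cve@mitre.org` to a vendor address while `affects` stays `n/a`.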
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0130", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HP Onboard Administrator (OA) before 3.50 allows remote attackers to obtain sensitive information via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-0130", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02759", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/522176" - }, - { - "name" : "SSRT100817", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/522176" - }, - { - "name" : "52862", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52862" - }, - { - "name" : "1026889", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026889" - }, - { - "name" : "hpoa-unspecified-info-disclosure(74577)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74577" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HP Onboard Administrator (OA) before 3.50 
allows remote attackers to obtain sensitive information via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT100817", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/522176" + }, + { + "name": "1026889", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026889" + }, + { + "name": "52862", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52862" + }, + { + "name": "HPSBMU02759", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/522176" + }, + { + "name": "hpoa-unspecified-info-disclosure(74577)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74577" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0340.json b/2012/0xxx/CVE-2012-0340.json index 1cd1e868612..4a01404a1f9 100644 --- a/2012/0xxx/CVE-2012-0340.json +++ b/2012/0xxx/CVE-2012-0340.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0340", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-0340", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.secureworks.com/research/advisories/SWRX-2012-001/", - "refsource" : "MISC", - "url" : "http://www.secureworks.com/research/advisories/SWRX-2012-001/" - }, - { - "name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045", - "refsource" : "CONFIRM", - "url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with 
software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.secureworks.com/research/advisories/SWRX-2012-001/", + "refsource": "MISC", + "url": "http://www.secureworks.com/research/advisories/SWRX-2012-001/" + }, + { + "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045", + "refsource": "CONFIRM", + "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=25045" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0437.json b/2012/0xxx/CVE-2012-0437.json index 1c28d9d5281..9ba2667a642 100644 --- a/2012/0xxx/CVE-2012-0437.json +++ b/2012/0xxx/CVE-2012-0437.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0437", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0437", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2012/3xxx/CVE-2012-3209.json b/2012/3xxx/CVE-2012-3209.json index ffdc4d6dcc2..10b7caa9bc7 100644 --- a/2012/3xxx/CVE-2012-3209.json +++ b/2012/3xxx/CVE-2012-3209.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3209", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-3209", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "56074", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56074" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity 
and availability via unknown vectors related to Logical Domain (LDOM)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "56074", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56074" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3379.json b/2012/3xxx/CVE-2012-3379.json index 115bdbb3f89..9f77ea7eb8e 100644 --- a/2012/3xxx/CVE-2012-3379.json +++ b/2012/3xxx/CVE-2012-3379.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3379", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0808. Reason: This candidate is a duplicate of CVE-2012-0808. Notes: All CVE users should reference CVE-2012-0808 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-3379", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0808. Reason: This candidate is a duplicate of CVE-2012-0808. Notes: All CVE users should reference CVE-2012-0808 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3579.json b/2012/3xxx/CVE-2012-3579.json index 3aff9946067..e3782a4d6f2 100644 --- a/2012/3xxx/CVE-2012-3579.json +++ b/2012/3xxx/CVE-2012-3579.json 
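Review bot: The new side of CVE-2012-3379 is serialized with `data_type`, `data_format` and `data_version` ahead of `CVE_data_meta`, and with `ID` ahead of `ASSIGNER`. Every other record rewritten in this part of the patch keeps `CVE_data_meta` first, with `ASSIGNER`, `ID`, `STATE` in that order. JSON key order carries no meaning, but the mismatch suggests this file came through a different serializer (inferred, not shown here), and it makes byte-level comparison or hashing of records inconsistent across the repository. Emitting it in the same order as its neighbours, starting with `"CVE_data_meta": {` and then `"ASSIGNER": "cve@mitre.org",`, would keep later diffs limited to real data changes.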
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3579", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3579", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html" - }, - { - "name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00", - "refsource" : "CONFIRM", - "url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00" - }, - { - "name" : "55143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55143" - }, - { - "name" : 
"symantec-gateway-default-password(78034)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Symantec Messaging Gateway (SMG) before 10.0 has a default password for an unspecified account, which makes it easier for remote attackers to obtain privileged access via an SSH session." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/116277/Symantec-Messaging-Gateway-9.5-Default-SSH-Password.html" + }, + { + "name": "55143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55143" + }, + { + "name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00", + "refsource": "CONFIRM", + "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00" + }, + { + "name": "symantec-gateway-default-password(78034)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78034" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3793.json b/2012/3xxx/CVE-2012-3793.json index e1a7c2ae811..de6d5532363 100644 --- a/2012/3xxx/CVE-2012-3793.json +++ b/2012/3xxx/CVE-2012-3793.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3793", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3793", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://aluigi.org/adv/proservrex_1-adv.txt", - "refsource" : "MISC", - "url" : "http://aluigi.org/adv/proservrex_1-adv.txt" - }, - { - "name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" - }, - { - "name" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", - "refsource" : "CONFIRM", - "url" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" - }, - { - "name" : "https://www.hmisource.com/otasuke/news/2012/0606.html", - "refsource" : 
"CONFIRM", - "url" : "https://www.hmisource.com/otasuke/news/2012/0606.html" - }, - { - "name" : "53499", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53499" - }, - { - "name" : "49172", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49172" - }, - { - "name" : "proserverex-overflow-dos(75547)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75547" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode that triggers an incorrect memory allocation and a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "proserverex-overflow-dos(75547)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75547" + }, + { + "name": "https://www.hmisource.com/otasuke/news/2012/0606.html", + "refsource": "CONFIRM", + "url": "https://www.hmisource.com/otasuke/news/2012/0606.html" + }, + { + "name": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", + "refsource": "CONFIRM", + "url": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" + }, + { + "name": "http://aluigi.org/adv/proservrex_1-adv.txt", + "refsource": "MISC", + "url": "http://aluigi.org/adv/proservrex_1-adv.txt" + }, + { + "name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" + }, + { + "name": "53499", + "refsource": "BID", + "url": 
"http://www.securityfocus.com/bid/53499" + }, + { + "name": "49172", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49172" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4110.json b/2012/4xxx/CVE-2012-4110.json index 72938b83d38..3e9ab49fa49 100644 --- a/2012/4xxx/CVE-2012-4110.json +++ b/2012/4xxx/CVE-2012-4110.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4110", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4110", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130930 Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "run-script in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges by embedding commands in an unspecified parameter, aka Bug ID CSCtq86560." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130930 Cisco Unified Computing System Fabric Interconnect run-script Command Injection Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4110" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4445.json b/2012/4xxx/CVE-2012-4445.json index 7d73f204e99..df2de12c63a 100644 --- a/2012/4xxx/CVE-2012-4445.json +++ b/2012/4xxx/CVE-2012-4445.json 
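Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` here, and it is the only change of content in a hunk that otherwise rewrites every line for separator spacing (`" : "` to `": "`). The commit subject "-Synchronized-Data." does not mention a CNA reassignment, so it is easy to miss in review. The hunks for CVE-2012-4445 and CVE-2012-4570 do the same with `secalert@redhat.com`. I would put the reassignments in their own commit, or at least name them in the message, for example `CVE-2012-4110: ASSIGNER cve@mitre.org -> psirt@cisco.com`. Anyone tracking CNA attribution from this repository should compare parsed JSON rather than the text diff.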
@@ -1,117 +1,117 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4445", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small \"TLS Message Length\" value in an EAP-TLS message with the \"More Fragments\" flag set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4445", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/08/3" - }, - { - "name" : "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt", - "refsource" : "MISC", - "url" : "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt" - }, - { - "name" : "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de", - "refsource" : "CONFIRM", - "url" : 
"http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de" - }, - { - "name" : "DSA-2557", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2557" - }, - { - "name" : "FreeBSD-SA-12:07", - "refsource" : "FREEBSD", - "url" : "http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc" - }, - { - "name" : "MDVSA-2012:168", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168" - }, - { - "name" : "55826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55826" - }, - { - "name" : "86051", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86051" - }, - { - "name" : "1027808", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027808" - }, - { - "name" : "50805", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50805" - }, - { - "name" : "50888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50888" - }, - { - "name" : "hostapd-eaptls-dos(79104)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79104" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small \"TLS Message Length\" value in an EAP-TLS message with the \"More Fragments\" flag set." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de", + "refsource": "CONFIRM", + "url": "http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de" + }, + { + "name": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt", + "refsource": "MISC", + "url": "http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt" + }, + { + "name": "[oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/08/3" + }, + { + "name": "50805", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50805" + }, + { + "name": "DSA-2557", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2557" + }, + { + "name": "1027808", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027808" + }, + { + "name": "MDVSA-2012:168", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:168" + }, + { + "name": "86051", + "refsource": "OSVDB", + "url": "http://osvdb.org/86051" + }, + { + "name": "55826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55826" + }, + { + "name": "FreeBSD-SA-12:07", + "refsource": "FREEBSD", + "url": "http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc" + }, + { + "name": "hostapd-eaptls-dos(79104)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79104" + }, + { + "name": "50888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50888" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4570.json b/2012/4xxx/CVE-2012-4570.json index 24bb1f14139..631bc711896 100644 
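Review bot: The `reference_data` array on the new side holds the same twelve entries as the old side but in a different order, and the new order follows no visible key: it is not grouped by `refsource`, not sorted by `name`, and not the previous order. The hunks for CVE-2012-3579, CVE-2012-3793, CVE-2012-4570, CVE-2012-6049, CVE-2017-2415 and CVE-2017-2959 show the same reshuffle. Array order is significant in JSON, so consumers that detect record updates by file hash or text diff will register a change where the reference set is identical. Whether the order is intentional cannot be told from the diff. If it is not, I would have the serializer emit references in a deterministic order, either the existing order or sorted by `refsource` then `name`.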
--- a/2012/4xxx/CVE-2012-4570.json +++ b/2012/4xxx/CVE-2012-4570.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121005 CVE request: LetoDMS, more issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/06/1" - }, - { - "name" : "[oss-security] 20121031 CVE request: LetoDMS, more issues", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/10/31/7" - }, - { - "name" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG", - "refsource" : "CONFIRM", - "url" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG" - }, - { - "name" : "55822", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { 
+ "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20121005 CVE request: LetoDMS, more issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/06/1" + }, + { + "name": "[oss-security] 20121031 CVE request: LetoDMS, more issues", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/10/31/7" + }, + { + "name": "55822", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55822" + }, + { + "name": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG", + "refsource": "CONFIRM", + "url": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4797.json b/2012/4xxx/CVE-2012-4797.json index c2c59fc390f..7c736a78acc 100644 --- a/2012/4xxx/CVE-2012-4797.json +++ b/2012/4xxx/CVE-2012-4797.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4797", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4797", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2012/6xxx/CVE-2012-6049.json b/2012/6xxx/CVE-2012-6049.json index 90f2c60e7ef..d89ae276a31 100644 --- a/2012/6xxx/CVE-2012-6049.json +++ b/2012/6xxx/CVE-2012-6049.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-6049", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-6049", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://hauntit.blogspot.com/2012/03/en-quickcartv50-information-disclosure.html", - "refsource" : "MISC", - "url" : "http://hauntit.blogspot.com/2012/03/en-quickcartv50-information-disclosure.html" - }, - { - "name" : "http://packetstormsecurity.org/files/112242/Quick.Cart-5.0-Information-Disclosure.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/112242/Quick.Cart-5.0-Information-Disclosure.html" - }, - { - "name" : "quickcart-index-info-disclosure(75204)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75204" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ 
+ { + "lang": "eng", + "value": "Open Solution Quick.Cart 5.0 allows remote attackers to obtain sensitive information via (1) a long string or (2) invalid characters in a cookie, which reveals the installation path in an error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "quickcart-index-info-disclosure(75204)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75204" + }, + { + "name": "http://hauntit.blogspot.com/2012/03/en-quickcartv50-information-disclosure.html", + "refsource": "MISC", + "url": "http://hauntit.blogspot.com/2012/03/en-quickcartv50-information-disclosure.html" + }, + { + "name": "http://packetstormsecurity.org/files/112242/Quick.Cart-5.0-Information-Disclosure.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/112242/Quick.Cart-5.0-Information-Disclosure.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2208.json b/2017/2xxx/CVE-2017-2208.json index 4a57a5b0b64..2158653179f 100644 --- a/2017/2xxx/CVE-2017-2208.json +++ b/2017/2xxx/CVE-2017-2208.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2208", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Installer of electronic tendering and bid opening system", - "version" : { - "version_data" : [ - { - "version_value" : "available prior to June 12, 2017" - } - ] - } - } - ] - }, - "vendor_name" : "Acquisition, Technology & Logistics Agency" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2208", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Installer of electronic tendering and bid opening system", + "version": { + "version_data": [ + { + "version_value": "available prior to June 12, 2017" + } + ] + } + } + ] + }, + "vendor_name": "Acquisition, Technology & Logistics Agency" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html", - "refsource" : "MISC", - "url" : "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html" - }, - { - "name" : "JVN#27198823", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN27198823/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Installer of Electronic tendering and bid opening system available prior to June 12, 2017 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html", + "refsource": "MISC", + "url": "http://www.mod.go.jp/atla/souhon/cals/nyusatsu_top.html" + }, + { + "name": "JVN#27198823", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN27198823/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2415.json b/2017/2xxx/CVE-2017-2415.json index 9f1fab08a70..46c0b04e4f1 100644 --- a/2017/2xxx/CVE-2017-2415.json +++ b/2017/2xxx/CVE-2017-2415.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2415", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2415", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207600", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207600" - }, - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - "name" : "GLSA-201706-15", - "refsource" : "GENTOO", - "url" : 
"https://security.gentoo.org/glsa/201706-15" - }, - { - "name" : "97143", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97143" - }, - { - "name" : "1038137", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038137" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038137", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "97143", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97143" + }, + { + "name": "GLSA-201706-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-15" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207600", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207600" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2959.json b/2017/2xxx/CVE-2017-2959.json index 4de1b6d2a9e..26c059cfec3 100644 --- a/2017/2xxx/CVE-2017-2959.json +++ b/2017/2xxx/CVE-2017-2959.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-2959", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Heap Overflow" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-2959", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier." 
+ } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-023", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-023" - }, - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" - }, - { - "name" : "95344", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95344" - }, - { - "name" : "1037574", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037574" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the image conversion engine, related to parsing of color profile metadata. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Heap Overflow" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95344", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95344" + }, + { + "name": "1037574", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037574" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-17-023", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-17-023" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html" + } + ] + } +} \ No newline at end of file 
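Review bot: The `affects` block of CVE-2017-2959.json still carries `"vendor_name": "n/a"` although the assigner is `psirt@adobe.com`, and `product_name` and `version_value` hold the same free-text sentence (`Adobe Acrobat Reader 15.020.20042 and earlier, ...`), so the structured fields cannot be used for product or version matching. Tooling that keys on vendor and product will miss this record unless it falls back to parsing the description. Going by the description text, the fields would read `"vendor_name": "Adobe"` and `"product_name": "Adobe Acrobat Reader"`, with one `version_value` per affected branch such as `"15.020.20042 and earlier"`; the content presumably comes from the CNA submission, so the correction belongs there rather than in this sync. CVE-2017-6619 has the same shape: `"vendor_name": "n/a"` and a `version_value` that repeats the product name, while its description names version 3.0(1c).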
diff --git a/2017/6xxx/CVE-2017-6058.json b/2017/6xxx/CVE-2017-6058.json index 46c4b0bcb62..47464a90ef1 100644 --- a/2017/6xxx/CVE-2017-6058.json +++ b/2017/6xxx/CVE-2017-6058.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170217 CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/17/2" - }, - { - "name" : "[qemu-devel] 20170216 [PATCH 2/5] NetRxPkt: Fix memory corruption on VLAN header stripping", - "refsource" : "MLIST", - "url" : "https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html" - }, - { - "name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6", - "refsource" : "CONFIRM", - "url" : 
"http://git.qemu-project.org/?p=qemu.git;a=commit;h=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1423358", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1423358" - }, - { - "name" : "GLSA-201704-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201704-01" - }, - { - "name" : "96277", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96277" - }, - { - "name" : "1037856", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[qemu-devel] 20170216 [PATCH 2/5] NetRxPkt: Fix memory corruption on VLAN header stripping", + "refsource": "MLIST", + "url": "https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1423358", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1423358" + }, + { + "name": "[oss-security] 20170217 CVE-2017-6058 Qemu: net: vmxnet3: OOB NetRxPkt::ehdr_buf access when doing vlan stripping", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/17/2" + }, + { + "name": "GLSA-201704-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201704-01" + }, + { + "name": "1037856", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037856" + }, + { + "name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6", + "refsource": "CONFIRM", + "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=df8bf7a7fe75eb5d5caffa55f5cd4292b757aea6" + }, + { + "name": "96277", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96277" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6373.json b/2017/6xxx/CVE-2017-6373.json index 8ead0931c5a..0fb2749e251 100644 --- a/2017/6xxx/CVE-2017-6373.json +++ b/2017/6xxx/CVE-2017-6373.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6373", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6373", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6498.json b/2017/6xxx/CVE-2017-6498.json index 51768ea2b69..0ad58cf5fd7 100644 --- a/2017/6xxx/CVE-2017-6498.json +++ b/2017/6xxx/CVE-2017-6498.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6498", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6498", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/856878", - "refsource" : "CONFIRM", - "url" : "https://bugs.debian.org/856878" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9" - }, - { - "name" : "https://github.com/ImageMagick/ImageMagick/pull/359", - "refsource" : "CONFIRM", - "url" : "https://github.com/ImageMagick/ImageMagick/pull/359" - }, - { - "name" : "DSA-3808", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3808" - }, - { - "name" : "96591", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96591" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9" + }, + { + "name": "https://github.com/ImageMagick/ImageMagick/pull/359", + "refsource": "CONFIRM", + "url": "https://github.com/ImageMagick/ImageMagick/pull/359" + }, + { + "name": "96591", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96591" + }, + { + "name": "DSA-3808", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3808" + }, + { + "name": "https://bugs.debian.org/856878", + "refsource": "CONFIRM", + "url": "https://bugs.debian.org/856878" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6619.json b/2017/6xxx/CVE-2017-6619.json index f4b9ca12cce..e054f83aa8a 100644 --- a/2017/6xxx/CVE-2017-6619.json +++ b/2017/6xxx/CVE-2017-6619.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6619", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Integrated Management Controller", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Integrated Management Controller" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6619", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Integrated Management Controller", + "version": { + "version_data": [ + { + "version_value": "Cisco Integrated Management Controller" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc" - }, - { - "name" : "97925", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97925" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not sufficiently sanitize user-supplied HTTP input. An attacker could exploit this vulnerability by sending an HTTP POST request that contains crafted, deserialized user data to the affected software. A successful exploit could allow the attacker to execute arbitrary commands with root-level privileges on the affected system, which the attacker could use to conduct further attacks. Cisco Bug IDs: CSCvd14591." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97925", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97925" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6942.json b/2017/6xxx/CVE-2017-6942.json index ff90e4864e4..5747a0c1978 100644 --- a/2017/6xxx/CVE-2017-6942.json +++ b/2017/6xxx/CVE-2017-6942.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6942", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6942", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6946.json b/2017/6xxx/CVE-2017-6946.json index f99435846b6..e4d538a2cc5 100644 --- a/2017/6xxx/CVE-2017-6946.json +++ b/2017/6xxx/CVE-2017-6946.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6946", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6946", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7248.json b/2017/7xxx/CVE-2017-7248.json index 6cb122c69e7..657b7aff187 100644 --- a/2017/7xxx/CVE-2017-7248.json +++ b/2017/7xxx/CVE-2017-7248.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7248", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7248", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WhatCD/Gazelle/issues/111", - "refsource" : "CONFIRM", - "url" : "https://github.com/WhatCD/Gazelle/issues/111" - }, - { - "name" : "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS", - "refsource" : "CONFIRM", - "url" : "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS" - }, - { - "name" : "97063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + 
"value": "A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WhatCD/Gazelle/issues/111", + "refsource": "CONFIRM", + "url": "https://github.com/WhatCD/Gazelle/issues/111" + }, + { + "name": "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS", + "refsource": "CONFIRM", + "url": "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS" + }, + { + "name": "97063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97063" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7670.json b/2017/7xxx/CVE-2017-7670.json index 20d0cf9a25b..1740a72fd65 100644 --- a/2017/7xxx/CVE-2017-7670.json +++ b/2017/7xxx/CVE-2017-7670.json 
@@ -1,66 +1,66 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@apache.org", - "DATE_PUBLIC" : "2017-07-07T00:00:00", - "ID" : "CVE-2017-7670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Apache Traffic Control", - "version" : { - "version_data" : [ - { - "version_value" : "1.8.0 incubating" - }, - { - "version_value" : "2.0.0 RC0 incubating" - } - ] - } - } - ] - }, - "vendor_name" : "Apache Software Foundation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Denial of Service" - } + "CVE_data_meta": { + "ASSIGNER": "security@apache.org", + "DATE_PUBLIC": "2017-07-07T00:00:00", + "ID": "CVE-2017-7670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Apache Traffic Control", + "version": { + "version_data": [ + { + "version_value": "1.8.0 incubating" + }, + { + "version_value": "2.0.0 RC0 incubating" + } + ] + } + } + ] + }, + "vendor_name": "Apache Software Foundation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670", - "refsource" : "MLIST", - "url" : "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0@%3Cusers.trafficcontrol.apache.org%3E" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly closes the connection or Traffic Router is restarted. If connections remain in the ESTABLISHED state indefinitely and accumulate in number to match the size of the thread pool dedicated to processing DNS requests, the thread pool becomes exhausted. Once the thread pool is exhausted, Traffic Router is unable to service any DNS request, regardless of transport protocol." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Denial of Service" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[users] 20170707 Apache Traffic Control Traffic Router Slowloris Denial of Service Vulnerability - CVE-2017-7670", + "refsource": "MLIST", + "url": "https://lists.apache.org/thread.html/42b207e9f526353b504591684bd02a5e9fcb4b8f28534253d07740a0@%3Cusers.trafficcontrol.apache.org%3E" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7940.json b/2017/7xxx/CVE-2017-7940.json index 5e8d2adcbe4..f09831e483c 100644 --- a/2017/7xxx/CVE-2017-7940.json +++ b/2017/7xxx/CVE-2017-7940.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/jsummers/imageworsener/issues/18", - "refsource" : "CONFIRM", - "url" : "https://github.com/jsummers/imageworsener/issues/18" - }, - { - "name" : "GLSA-201706-06", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-06" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201706-06", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-06" + }, + { + "name": "https://github.com/jsummers/imageworsener/issues/18", + "refsource": "CONFIRM", + "url": "https://github.com/jsummers/imageworsener/issues/18" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10197.json b/2018/10xxx/CVE-2018-10197.json index e13aabd7dba..148f73c7e0c 100644 --- a/2018/10xxx/CVE-2018-10197.json +++ b/2018/10xxx/CVE-2018-10197.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the \"userdata\" table from the \"eloam\" database." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180710 [CVE-2018-10197] ELO 9/10 - Time-Based blind SQL injection", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/Jul/29" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 
10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET parameter. For example, one can succeed in reading the password hash of the administrator user in the \"userdata\" table from the \"eloam\" database." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180710 [CVE-2018-10197] ELO 9/10 - Time-Based blind SQL injection", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/Jul/29" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10647.json b/2018/10xxx/CVE-2018-10647.json index f665eb69d01..0c97eb74fe6 100644 --- a/2018/10xxx/CVE-2018-10647.json +++ b/2018/10xxx/CVE-2018-10647.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10647", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its \"SaferVPN.Service\" service. The \"SaferVPN.Service\" service executes \"openvpn.exe\" using OpenVPN config files located within the current user's %LOCALAPPDATA%\\SaferVPN\\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10647", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-024.md", - "refsource" : "MISC", - "url" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-024.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation vulnerability in its \"SaferVPN.Service\" service. The \"SaferVPN.Service\" service executes \"openvpn.exe\" using OpenVPN config files located within the current user's %LOCALAPPDATA%\\SaferVPN\\OvpnConfig directory. An authenticated attacker may modify these configuration files to specify a dynamic library plugin that should run for every new VPN connection attempt. This plugin will execute code in the context of the SYSTEM user." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-024.md", + "refsource": "MISC", + "url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-024.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10742.json b/2018/10xxx/CVE-2018-10742.json index 6e41d140053..8093a241b33 100644 --- a/2018/10xxx/CVE-2018-10742.json 
+++ b/2018/10xxx/CVE-2018-10742.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10742", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10742", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14089.json b/2018/14xxx/CVE-2018-14089.json index 7b11f3df64c..7c2833c18d1 100644 --- a/2018/14xxx/CVE-2018-14089.json +++ b/2018/14xxx/CVE-2018-14089.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14089", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14089", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.md", - "refsource" : "MISC", - "url" : "https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. 
In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfer in the function transferFrom because '<=' is used instead of '>=' (which was intended). An attacker can transfer from any address to his address, and does not need to meet the 'allowance > value' condition." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.md", + "refsource": "MISC", + "url": "https://github.com/hellowuzekai/blockchains/blob/master/transferFrom.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14212.json b/2018/14xxx/CVE-2018-14212.json index 902906e4ec8..424272be2fe 100644 --- a/2018/14xxx/CVE-2018-14212.json +++ b/2018/14xxx/CVE-2018-14212.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14212", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14212", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14568.json b/2018/14xxx/CVE-2018-14568.json
index bda06901e4b..b0bef365989 100644
--- a/2018/14xxx/CVE-2018-14568.json
+++ b/2018/14xxx/CVE-2018-14568.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14568", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14568", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345", - "refsource" : "MISC", - "url" : "https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345" - }, - { - "name" : "https://github.com/kirillwow/ids_bypass", - "refsource" : "MISC", - "url" : "https://github.com/kirillwow/ids_bypass" - }, - { - "name" : "https://redmine.openinfosecfoundation.org/issues/2501", - "refsource" : "MISC", - "url" : "https://redmine.openinfosecfoundation.org/issues/2501" - }, - { - "name" : "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/", - "refsource" : "MISC", - "url" : 
"https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortly after an RST (i.e., they act as if the RST had not yet been received)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/", + "refsource": "MISC", + "url": "https://suricata-ids.org/2018/07/18/suricata-4-0-5-available/" + }, + { + "name": "https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345", + "refsource": "MISC", + "url": "https://github.com/OISF/suricata/pull/3428/commits/843d0b7a10bb45627f94764a6c5d468a24143345" + }, + { + "name": "https://redmine.openinfosecfoundation.org/issues/2501", + "refsource": "MISC", + "url": "https://redmine.openinfosecfoundation.org/issues/2501" + }, + { + "name": "https://github.com/kirillwow/ids_bypass", + "refsource": "MISC", + "url": "https://github.com/kirillwow/ids_bypass" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14687.json b/2018/14xxx/CVE-2018-14687.json index 982eb0f7650..ccd6725289a 100644 --- a/2018/14xxx/CVE-2018-14687.json +++ b/2018/14xxx/CVE-2018-14687.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14687", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14687", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14826.json b/2018/14xxx/CVE-2018-14826.json index 0c6ddd3f1e6..769c1b87589 100644 --- a/2018/14xxx/CVE-2018-14826.json +++ b/2018/14xxx/CVE-2018-14826.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-14826", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMG12", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 2.57" - } - ] - } - } - ] - }, - "vendor_name" : "Entes" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER AUTHENTICATION CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-14826", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMG12", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 2.57" + } + ] + } + } + ] + }, + "vendor_name": "Entes" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03" - }, - { - "name" : "105489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an 
attacker to bypass authentication with a specially crafted URL. This could allow for remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHENTICATION CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03" + }, + { + "name": "105489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105489" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15392.json b/2018/15xxx/CVE-2018-15392.json index 76a2a44f485..4938e667ec6 100644 --- a/2018/15xxx/CVE-2018-15392.json +++ b/2018/15xxx/CVE-2018-15392.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "DATE_PUBLIC" : "2018-10-03T16:00:00-0500", - "ID" : "CVE-2018-15392", - "STATE" : "PUBLIC", - "TITLE" : "Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Industrial Network Director ", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Cisco" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition." 
- } - ] - }, - "impact" : { - "cvss" : { - "baseScore" : "4.3", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-399" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "DATE_PUBLIC": "2018-10-03T16:00:00-0500", + "ID": "CVE-2018-15392", + "STATE": "PUBLIC", + "TITLE": "Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Industrial Network Director ", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Cisco" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20181003 Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability", - "refsource" : "CISCO", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ind-dos" - } - ] - }, - "source" : { - "advisory" : "cisco-sa-20181003-ind-dos", - "defect" : [ - [ - "CSCvi90140" - ] - ], - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the DHCP service of Cisco Industrial Network Director could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of DHCP lease requests. An attacker could exploit this vulnerability by sending malicious DHCP lease requests to an affected application. A successful exploit could allow the attacker to cause the DHCP service to terminate, resulting in a DoS condition." 
+ } + ] + }, + "impact": { + "cvss": { + "baseScore": "4.3", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-399" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20181003 Cisco Industrial Network Director DHCP Request Processing Denial of Service Vulnerability", + "refsource": "CISCO", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ind-dos" + } + ] + }, + "source": { + "advisory": "cisco-sa-20181003-ind-dos", + "defect": [ + [ + "CSCvi90140" + ] + ], + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15749.json b/2018/15xxx/CVE-2018-15749.json index 74dd71231ff..ec853e89d9d 100644 --- a/2018/15xxx/CVE-2018-15749.json +++ b/2018/15xxx/CVE-2018-15749.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15749", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15749", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877", - "refsource" : "CONFIRM", - "url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877", + "refsource": "CONFIRM", + "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20052.json b/2018/20xxx/CVE-2018-20052.json index b5bd05474b1..83dd0c7b70a 100644 --- a/2018/20xxx/CVE-2018-20052.json +++ b/2018/20xxx/CVE-2018-20052.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20052", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20052", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9230.json b/2018/9xxx/CVE-2018-9230.json index 835bb568365..8d5ec17b365 100644 --- a/2018/9xxx/CVE-2018-9230.json +++ b/2018/9xxx/CVE-2018-9230.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9230", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9230", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty.md", - "refsource" : "MISC", - "url" : "https://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty.md" - }, - { - "name" : "https://openresty.org/en/changelog-1013006.html", - "refsource" : "MISC", - "url" : "https://openresty.org/en/changelog-1013006.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are obtained using the ngx.req.get_uri_args and ngx.req.get_post_args functions that ignore parameters beyond the hundredth one, which might allow remote attackers to bypass intended access restrictions or interfere with certain Web Application Firewall (ngx_lua_waf or X-WAF) products. NOTE: the vendor has reported that 100 parameters is an intentional default setting, but is adjustable within the API. The vendor's position is that a security-relevant misuse of the API by a WAF product is a vulnerability in the WAF product, not a vulnerability in OpenResty." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty.md", + "refsource": "MISC", + "url": "https://github.com/Bypass007/vuln/blob/master/OpenResty/Uri%20parameter%20overflow%20in%20Openresty.md" + }, + { + "name": "https://openresty.org/en/changelog-1013006.html", + "refsource": "MISC", + "url": "https://openresty.org/en/changelog-1013006.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9310.json b/2018/9xxx/CVE-2018-9310.json index 120e27a34c4..3d179468639 100644 --- a/2018/9xxx/CVE-2018-9310.json +++ b/2018/9xxx/CVE-2018-9310.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9310", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9310", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.magnicomp.com/about/2018/CVE-2018-9310.html", - "refsource" : "CONFIRM", - "url" : "http://www.magnicomp.com/about/2018/CVE-2018-9310.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.magnicomp.com/about/2018/CVE-2018-9310.html", + "refsource": "CONFIRM", + "url": "http://www.magnicomp.com/about/2018/CVE-2018-9310.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9337.json b/2018/9xxx/CVE-2018-9337.json index d404da8c8ae..60a8f9550c5 100644 --- a/2018/9xxx/CVE-2018-9337.json +++ b/2018/9xxx/CVE-2018-9337.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/125", - "refsource" : "CONFIRM", - "url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/125" - }, - { - "name" : "104657", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104657" - }, - { - "name" : "1041240", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1041240" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 
and earlier may allow an attacker to inject arbitrary JavaScript or HTML." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/125", + "refsource": "CONFIRM", + "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/125" + }, + { + "name": "1041240", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1041240" + }, + { + "name": "104657", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104657" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9688.json b/2018/9xxx/CVE-2018-9688.json index 34d366e1af1..18035cb1cd0 100644 --- a/2018/9xxx/CVE-2018-9688.json +++ b/2018/9xxx/CVE-2018-9688.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9688", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9688", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file