From 4fa52981b04dfac17083a3ff9e2fb6b4752ec50c Mon Sep 17 00:00:00 2001 
From: CVE Team Date: Sun, 17 Mar 2019 22:42:01 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0037.json | 150 +++++------ 2002/0xxx/CVE-2002-0190.json | 160 ++++++------ 2002/0xxx/CVE-2002-0468.json | 190 +++++++------- 2002/0xxx/CVE-2002-0737.json | 170 ++++++------- 2002/1xxx/CVE-2002-1373.json | 250 +++++++++--------- 2002/1xxx/CVE-2002-1598.json | 180 ++++++------- 2003/0xxx/CVE-2003-0200.json | 34 +-- 2003/0xxx/CVE-2003-0474.json | 130 +++++----- 2003/0xxx/CVE-2003-0604.json | 170 ++++++------- 2003/0xxx/CVE-2003-0615.json | 270 ++++++++++---------- 2003/0xxx/CVE-2003-0912.json | 34 +-- 2003/0xxx/CVE-2003-0933.json | 120 ++++----- 2003/1xxx/CVE-2003-1329.json | 130 +++++----- 2003/1xxx/CVE-2003-1381.json | 150 +++++------ 2012/0xxx/CVE-2012-0132.json | 160 ++++++------ 2012/0xxx/CVE-2012-0168.json | 160 ++++++------ 2012/0xxx/CVE-2012-0246.json | 150 +++++------ 2012/0xxx/CVE-2012-0322.json | 130 +++++----- 2012/0xxx/CVE-2012-0672.json | 180 ++++++------- 2012/1xxx/CVE-2012-1573.json | 380 ++++++++++++++-------------- 2012/1xxx/CVE-2012-1680.json | 130 +++++----- 2012/1xxx/CVE-2012-1811.json | 150 +++++------ 2012/1xxx/CVE-2012-1856.json | 150 +++++------ 2012/1xxx/CVE-2012-1967.json | 390 ++++++++++++++--------------- 2012/3xxx/CVE-2012-3267.json | 180 ++++++------- 2012/3xxx/CVE-2012-3446.json | 130 +++++----- 2012/3xxx/CVE-2012-3471.json | 130 +++++----- 2012/4xxx/CVE-2012-4275.json | 130 +++++----- 2012/4xxx/CVE-2012-4285.json | 250 +++++++++--------- 2012/4xxx/CVE-2012-4324.json | 140 +++++------ 2017/1002xxx/CVE-2017-1002015.json | 138 +++++----- 2017/2xxx/CVE-2017-2611.json | 176 ++++++------- 2017/2xxx/CVE-2017-2691.json | 132 +++++----- 2017/2xxx/CVE-2017-2718.json | 134 +++++----- 2017/2xxx/CVE-2017-2833.json | 132 +++++----- 2017/3xxx/CVE-2017-3962.json | 168 ++++++------- 2017/6xxx/CVE-2017-6065.json | 120 ++++----- 2017/6xxx/CVE-2017-6197.json | 140 +++++------ 2017/6xxx/CVE-2017-6282.json | 122 ++++----- 
2017/6xxx/CVE-2017-6466.json | 130 +++++----- 2017/6xxx/CVE-2017-6916.json | 130 +++++----- 2017/7xxx/CVE-2017-7279.json | 120 ++++----- 2017/7xxx/CVE-2017-7470.json | 160 ++++++------ 2017/7xxx/CVE-2017-7614.json | 130 +++++----- 2017/7xxx/CVE-2017-7739.json | 154 ++++++------ 2018/10xxx/CVE-2018-10603.json | 152 +++++------ 2018/10xxx/CVE-2018-10790.json | 34 +-- 2018/10xxx/CVE-2018-10866.json | 34 +-- 2018/10xxx/CVE-2018-10937.json | 170 ++++++------- 2018/10xxx/CVE-2018-10949.json | 120 ++++----- 2018/14xxx/CVE-2018-14007.json | 140 +++++------ 2018/14xxx/CVE-2018-14465.json | 34 +-- 2018/14xxx/CVE-2018-14935.json | 120 ++++----- 2018/14xxx/CVE-2018-14946.json | 130 +++++----- 2018/20xxx/CVE-2018-20317.json | 34 +-- 2018/20xxx/CVE-2018-20700.json | 34 +-- 2018/20xxx/CVE-2018-20739.json | 34 +-- 2018/9xxx/CVE-2018-9019.json | 130 +++++----- 2018/9xxx/CVE-2018-9543.json | 140 +++++------ 2018/9xxx/CVE-2018-9695.json | 34 +-- 60 files changed, 4252 insertions(+), 4252 deletions(-) diff --git a/2002/0xxx/CVE-2002-0037.json b/2002/0xxx/CVE-2002-0037.json index aba42e60ea9..567b2c5fc95 100644 --- a/2002/0xxx/CVE-2002-0037.json +++ b/2002/0xxx/CVE-2002-0037.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0037", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0037", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20010917 Lotus Notes: File attachments may be extracted regardless of document security", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0147.html" - }, - { - "name" : "20010917 Re: Lotus Notes: File attachments may be extracted regardless of document security", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0150.html" - }, - { - "name" : "VU#657899", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/657899" - }, - { - "name" : "lotus-domino-nsfdbreadobject(10095)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10095.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + 
"data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call (NSFDbReadObject) that directly accesses the object." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "lotus-domino-nsfdbreadobject(10095)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10095.php" + }, + { + "name": "20010917 Re: Lotus Notes: File attachments may be extracted regardless of document security", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0150.html" + }, + { + "name": "20010917 Lotus Notes: File attachments may be extracted regardless of document security", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0147.html" + }, + { + "name": "VU#657899", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/657899" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0190.json b/2002/0xxx/CVE-2002-0190.json index 414c7c1fc8f..ffea8f910aa 100644 --- a/2002/0xxx/CVE-2002-0190.json +++ b/2002/0xxx/CVE-2002-0190.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka \"Zone Spoofing through Malformed Web Page\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS02-023", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023" - }, - { - "name" : "VU#242891", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/242891" - }, - { - "name" : "ie-netbios-incorrect-security-zone(9084)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9084.php" - }, - { - "name" : "4753", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4753" - }, - { - "name" : "oval:org.mitre.oval:def:923", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A923" - } - ] 
- } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka \"Zone Spoofing through Malformed Web Page\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS02-023", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023" + }, + { + "name": "ie-netbios-incorrect-security-zone(9084)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9084.php" + }, + { + "name": "oval:org.mitre.oval:def:923", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A923" + }, + { + "name": "VU#242891", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/242891" + }, + { + "name": "4753", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4753" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0468.json b/2002/0xxx/CVE-2002-0468.json index 0fc0f667a61..79720396bc0 100644 --- a/2002/0xxx/CVE-2002-0468.json +++ b/2002/0xxx/CVE-2002-0468.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020427 Response to KF about Listar/Ecartis Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/269879" - }, - { - "name" : "20020227 listar / ecaris remote or local?", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/258763" - }, - { - "name" : "20020425 ecartis / listar PoC", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/269658" - }, - { - "name" : "20020310 Ecartis/Listar multiple vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : 
"http://www.securityfocus.com/archive/1/261209" - }, - { - "name" : "http://www.ecartis.org/", - "refsource" : "CONFIRM", - "url" : "http://www.ecartis.org/" - }, - { - "name" : "http://marc.info/?l=listar-support&m=101590272221720&w=2", - "refsource" : "MISC", - "url" : "http://marc.info/?l=listar-support&m=101590272221720&w=2" - }, - { - "name" : "4271", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4271" - }, - { - "name" : "ecartis-local-bo(8445)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8445.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020227 listar / ecaris remote or local?", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/258763" + }, + { + "name": "ecartis-local-bo(8445)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8445.php" + }, + { + "name": "20020427 Response to KF about Listar/Ecartis Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/269879" + }, + { + "name": "http://www.ecartis.org/", + "refsource": "CONFIRM", + "url": "http://www.ecartis.org/" + }, + { + "name": "4271", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4271" + }, + { + "name": "20020425 ecartis / listar PoC", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/269658" + }, + { + "name": "20020310 Ecartis/Listar multiple vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/261209" + }, + { + "name": "http://marc.info/?l=listar-support&m=101590272221720&w=2", + "refsource": "MISC", + "url": "http://marc.info/?l=listar-support&m=101590272221720&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0737.json b/2002/0xxx/CVE-2002-0737.json index 0dd25016740..522ce325462 100644 --- a/2002/0xxx/CVE-2002-0737.json +++ b/2002/0xxx/CVE-2002-0737.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0737", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0737", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/268121" - }, - { - "name" : "20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html" - }, - { - "name" : "http://www.sambar.com/security.htm", - "refsource" : "CONFIRM", - "url" : "http://www.sambar.com/security.htm" - }, - { - "name" : "sambar-script-source-disclosure(8876)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8876.php" - }, - { - "name" : "4533", - "refsource" : "BID", 
- "url" : "http://www.securityfocus.com/bid/4533" - }, - { - "name" : "5123", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5123" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.sambar.com/security.htm", + "refsource": "CONFIRM", + "url": "http://www.sambar.com/security.htm" + }, + { + "name": "20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html" + }, + { + "name": "sambar-script-source-disclosure(8876)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8876.php" + }, + { + "name": "5123", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5123" + }, + { + "name": "4533", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4533" + }, + { + "name": "20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/268121" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1373.json b/2002/1xxx/CVE-2002-1373.json index 2330b4fa2ae..d0c772e154a 100644 --- a/2002/1xxx/CVE-2002-1373.json +++ b/2002/1xxx/CVE-2002-1373.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021212 Advisory 04/2002: Multiple MySQL vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103971644013961&w=2" - }, - { - "name" : "http://security.e-matters.de/advisories/042002.html", - "refsource" : "MISC", - "url" : "http://security.e-matters.de/advisories/042002.html" - }, - { - "name" : "CLSA-2002:555", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555" - }, - { - "name" : "DSA-212", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-212" - }, - { - "name" : "200212-2", - "refsource" : "GENTOO", - "url" : "http://marc.info/?l=bugtraq&m=104004857201968&w=2" 
- }, - { - "name" : "IMNX-2003-7+-008-01", - "refsource" : "IMMUNIX", - "url" : "http://www.securityfocus.com/advisories/5269" - }, - { - "name" : "MDKSA-2002:087", - "refsource" : "MANDRAKE", - "url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087" - }, - { - "name" : "RHSA-2002:288", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-288.html" - }, - { - "name" : "RHSA-2002:289", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2002-289.html" - }, - { - "name" : "RHSA-2003:166", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-166.html" - }, - { - "name" : "SUSE-SA:2003:003", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2003_003_mysql.html" - }, - { - "name" : "2002-0086", - "refsource" : "TRUSTIX", - "url" : "http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt" - }, - { - "name" : "6368", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6368" - }, - { - "name" : "mysql-comtabledump-dos(10846)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10846" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021212 Advisory 04/2002: Multiple MySQL vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103971644013961&w=2" + }, + { + "name": "CLSA-2002:555", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555" + }, + { + "name": "http://security.e-matters.de/advisories/042002.html", + "refsource": "MISC", + "url": "http://security.e-matters.de/advisories/042002.html" + }, + { + "name": "DSA-212", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-212" + }, + { + "name": "RHSA-2002:288", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-288.html" + }, + { + "name": "MDKSA-2002:087", + "refsource": "MANDRAKE", + "url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087" + }, + { + "name": "RHSA-2003:166", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-166.html" + }, + { + "name": "6368", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6368" + }, + { + "name": "200212-2", + "refsource": "GENTOO", + "url": "http://marc.info/?l=bugtraq&m=104004857201968&w=2" + }, + { + "name": "mysql-comtabledump-dos(10846)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10846" + }, + { + "name": "SUSE-SA:2003:003", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2003_003_mysql.html" + }, + { + "name": "RHSA-2002:289", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2002-289.html" + }, + { + "name": "2002-0086", + "refsource": "TRUSTIX", + "url": "http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt" + }, + { + "name": "IMNX-2003-7+-008-01", + "refsource": "IMMUNIX", + "url": 
"http://www.securityfocus.com/advisories/5269" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1598.json b/2002/1xxx/CVE-2002-1598.json index 788060affd9..14b00e44a2a 100644 --- a/2002/1xxx/CVE-2002-1598.json +++ b/2002/1xxx/CVE-2002-1598.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1598", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1598", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020405 Re: CA security contact", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/266052" - }, - { - "name" : "ftp://ftp.ca.com/pub/unicenter/mlink/mlink.13/MLINK13.README", - "refsource" : "CONFIRM", - "url" : "ftp://ftp.ca.com/pub/unicenter/mlink/mlink.13/MLINK13.README" - }, - { - "name" : "VU#544995", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/544995" - }, - { - "name" : "VU#772915", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/772915" - }, - { - "name" : "4440", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4440" - }, - { - "name" : "4441", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4441" - }, - { - "name" : 
"ca-mlink-bo(8776)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#544995", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/544995" + }, + { + "name": "ftp://ftp.ca.com/pub/unicenter/mlink/mlink.13/MLINK13.README", + "refsource": "CONFIRM", + "url": "ftp://ftp.ca.com/pub/unicenter/mlink/mlink.13/MLINK13.README" + }, + { + "name": "ca-mlink-bo(8776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8776" + }, + { + "name": "4440", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4440" + }, + { + "name": "20020405 Re: CA security contact", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/266052" + }, + { + "name": "VU#772915", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/772915" + }, + { + "name": "4441", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4441" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0200.json b/2003/0xxx/CVE-2003-0200.json index ea5e2ddde4d..636f082e418 100644 --- a/2003/0xxx/CVE-2003-0200.json +++ b/2003/0xxx/CVE-2003-0200.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0200", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0200", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0474.json b/2003/0xxx/CVE-2003-0474.json index 92485f6ec23..93082c5812a 100644 --- a/2003/0xxx/CVE-2003-0474.json +++ b/2003/0xxx/CVE-2003-0474.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0474", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0474", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030416 SFAD03-001: iWeb Mini Web Server Remote Directory Traversal", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105049794801319&w=2" - }, - { - "name" : "20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105673543626636&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in iWeb Server allows remote attackers to read arbitrary files via an HTTP request containing .. sequences, a different vulnerability than CVE-2003-0475." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030416 SFAD03-001: iWeb Mini Web Server Remote Directory Traversal", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105049794801319&w=2" + }, + { + "name": "20030627 Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105673543626636&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0604.json b/2003/0xxx/CVE-2003-0604.json index 2f80739a1da..086e4e0a13d 100644 --- a/2003/0xxx/CVE-2003-0604.json +++ b/2003/0xxx/CVE-2003-0604.json 
@@ -1,87 +1,87 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0604",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0604",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105899261818572&w=2"
- },
- {
- "name" : "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
- "refsource" : "NTBUGTRAQ",
- "url" : "http://marc.info/?l=ntbugtraq&m=105899408520292&w=2"
- },
- {
- "name" : "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
- "refsource" : "NTBUGTRAQ",
- "url" : "http://marc.info/?l=ntbugtraq&m=105906261314411&w=2"
- },
- {
- "name" : "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105906867322856&w=2"
- },
- {
- "name" : "http://www.malware.com/once.again!.html",
- "refsource" : "MISC",
- "url" : "http://www.malware.com/once.again!.html"
- },
- {
- "name" : "http://www.pivx.com/larholm/unpatched/",
- "refsource" : "MISC",
- "url" : "http://www.pivx.com/larholm/unpatched/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via an IFRAME tag pointing to an ASF file whose Content-location contains a File:// URL."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
+ "refsource": "NTBUGTRAQ",
+ "url": "http://marc.info/?l=ntbugtraq&m=105906261314411&w=2"
+ },
+ {
+ "name": "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
+ "refsource": "NTBUGTRAQ",
+ "url": "http://marc.info/?l=ntbugtraq&m=105899408520292&w=2"
+ },
+ {
+ "name": "20030723 Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105899261818572&w=2"
+ },
+ {
+ "name": "http://www.pivx.com/larholm/unpatched/",
+ "refsource": "MISC",
+ "url": "http://www.pivx.com/larholm/unpatched/"
+ },
+ {
+ "name": "http://www.malware.com/once.again!.html",
+ "refsource": "MISC",
+ "url": "http://www.malware.com/once.again!.html"
+ },
+ {
+ "name": "20030723 Re: Drivial Pursuit: Internet Explorer Browser & Your Files and Folders !",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105906867322856&w=2"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0615.json b/2003/0xxx/CVE-2003-0615.json
index 5e83d05a439..2b30728a2a9 100644
--- a/2003/0xxx/CVE-2003-0615.json
+++ b/2003/0xxx/CVE-2003-0615.json
@@ -1,137 +1,137 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0615",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0615",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030720 CGI.pm vulnerable to Cross-site Scripting",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=105880349328877&w=2"
- },
- {
- "name" : "20030720 CGI.pm vulnerable to Cross-site Scripting.",
- "refsource" : "FULLDISC",
- "url" : "http://marc.info/?l=full-disclosure&m=105875211018698&w=2"
- },
- {
- "name" : "CLA-2003:713",
- "refsource" : "CONECTIVA",
- "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713"
- },
- {
- "name" : "DSA-371",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2003/dsa-371"
- },
- {
- "name" : "MDKSA-2003:084",
- "refsource" : "MANDRAKE",
- "url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
- },
- {
- "name" : "RHSA-2003:256",
- "refsource" : "REDHAT",
- "url" : "http://www.redhat.com/support/errata/RHSA-2003-256.html"
- },
- {
- "name" : "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
- "refsource" : "BUGTRAQ",
- "url" : "http://marc.info/?l=bugtraq&m=106018783704468&w=2"
- },
- {
- "name" : "101426",
- "refsource" : "SUNALERT",
- "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
- },
- {
- "name" : "VU#246409",
- "refsource" : "CERT-VN",
- "url" : "http://www.kb.cert.org/vuls/id/246409"
- },
- {
- "name" : "N-155",
- "refsource" : "CIAC",
- "url" : "http://www.ciac.org/ciac/bulletins/n-155.shtml"
- },
- {
- "name" : "8231",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/8231"
- },
- {
- "name" : "oval:org.mitre.oval:def:470",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
- },
- {
- "name" : "oval:org.mitre.oval:def:307",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
- },
- {
- "name" : "1007234",
- "refsource" : "SECTRACK",
- "url" : "http://securitytracker.com/id?1007234"
- },
- {
- "name" : "13638",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/13638"
- },
- {
- "name" : "cgi-startform-xss(12669)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "20030720 CGI.pm vulnerable to Cross-site Scripting.",
+ "refsource": "FULLDISC",
+ "url": "http://marc.info/?l=full-disclosure&m=105875211018698&w=2"
+ },
+ {
+ "name": "MDKSA-2003:084",
+ "refsource": "MANDRAKE",
+ "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:084"
+ },
+ {
+ "name": "DSA-371",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2003/dsa-371"
+ },
+ {
+ "name": "20030720 CGI.pm vulnerable to Cross-site Scripting",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=105880349328877&w=2"
+ },
+ {
+ "name": "CLA-2003:713",
+ "refsource": "CONECTIVA",
+ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713"
+ },
+ {
+ "name": "N-155",
+ "refsource": "CIAC",
+ "url": "http://www.ciac.org/ciac/bulletins/n-155.shtml"
+ },
+ {
+ "name": "cgi-startform-xss(12669)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12669"
+ },
+ {
+ "name": "20030806 [OpenPKG-SA-2003.036] OpenPKG Security Advisory (perl-www)",
+ "refsource": "BUGTRAQ",
+ "url": "http://marc.info/?l=bugtraq&m=106018783704468&w=2"
+ },
+ {
+ "name": "1007234",
+ "refsource": "SECTRACK",
+ "url": "http://securitytracker.com/id?1007234"
+ },
+ {
+ "name": "RHSA-2003:256",
+ "refsource": "REDHAT",
+ "url": "http://www.redhat.com/support/errata/RHSA-2003-256.html"
+ },
+ {
+ "name": "101426",
+ "refsource": "SUNALERT",
+ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1"
+ },
+ {
+ "name": "13638",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/13638"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:470",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A470"
+ },
+ {
+ "name": "oval:org.mitre.oval:def:307",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A307"
+ },
+ {
+ "name": "8231",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/8231"
+ },
+ {
+ "name": "VU#246409",
+ "refsource": "CERT-VN",
+ "url": "http://www.kb.cert.org/vuls/id/246409"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0912.json b/2003/0xxx/CVE-2003-0912.json
index e9f20d88874..3848969db2e 100644
--- a/2003/0xxx/CVE-2003-0912.json
+++ b/2003/0xxx/CVE-2003-0912.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0912",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0912",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/0xxx/CVE-2003-0933.json b/2003/0xxx/CVE-2003-0933.json
index a8e1799790f..5c34e53f493 100644
--- a/2003/0xxx/CVE-2003-0933.json
+++ b/2003/0xxx/CVE-2003-0933.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-0933",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-0933",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "DSA-398",
- "refsource" : "DEBIAN",
- "url" : "http://www.debian.org/security/2003/dsa-398"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "DSA-398",
+ "refsource": "DEBIAN",
+ "url": "http://www.debian.org/security/2003/dsa-398"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1329.json b/2003/1xxx/CVE-2003-1329.json
index 8c164375be1..f9323755b54 100644
--- a/2003/1xxx/CVE-2003-1329.json
+++ b/2003/1xxx/CVE-2003-1329.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1329",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1329",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch",
- "refsource" : "CONFIRM",
- "url" : "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
- },
- {
- "name" : "34670",
- "refsource" : "OSVDB",
- "url" : "http://www.osvdb.org/34670"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "ftpd.c in wu-ftpd 2.6.2, when running on \"operating systems that only allow one non-connected socket bound to the same local address,\" does not close failed connections, which allows remote attackers to cause a denial of service."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "34670",
+ "refsource": "OSVDB",
+ "url": "http://www.osvdb.org/34670"
+ },
+ {
+ "name": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch",
+ "refsource": "CONFIRM",
+ "url": "ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/connect-dos.patch"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2003/1xxx/CVE-2003-1381.json b/2003/1xxx/CVE-2003-1381.json
index aa388f8b447..115d29bbf28 100644
--- a/2003/1xxx/CVE-2003-1381.json
+++ b/2003/1xxx/CVE-2003-1381.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2003-1381",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2003-1381",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "20030226 [VSA0308] Half-Life AMX-Mod remote (root) hole",
- "refsource" : "BUGTRAQ",
- "url" : "http://www.securityfocus.com/archive/1/313273"
- },
- {
- "name" : "3258",
- "refsource" : "SREASON",
- "url" : "http://securityreason.com/securityalert/3258"
- },
- {
- "name" : "amx-amxsay-format-string(11427)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11427"
- },
- {
- "name" : "6968",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/6968"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Software's Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "6968",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/6968"
+ },
+ {
+ "name": "amx-amxsay-format-string(11427)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11427"
+ },
+ {
+ "name": "3258",
+ "refsource": "SREASON",
+ "url": "http://securityreason.com/securityalert/3258"
+ },
+ {
+ "name": "20030226 [VSA0308] Half-Life AMX-Mod remote (root) hole",
+ "refsource": "BUGTRAQ",
+ "url": "http://www.securityfocus.com/archive/1/313273"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0132.json b/2012/0xxx/CVE-2012-0132.json
index f05729a7034..c57c3513094 100644
--- a/2012/0xxx/CVE-2012-0132.json
+++ b/2012/0xxx/CVE-2012-0132.json
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0132",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "hp-security-alert@hp.com",
+ "ID": "CVE-2012-0132",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "HPSBMU02749",
- "refsource" : "HP",
- "url" : "http://www.securityfocus.com/archive/1/522204"
- },
- {
- "name" : "SSRT100793",
- "refsource" : "HP",
- "url" : "http://www.securityfocus.com/archive/1/522204"
- },
- {
- "name" : "52880",
- "refsource" : "BID",
- "url" : "http://www.securityfocus.com/bid/52880"
- },
- {
- "name" : "48677",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48677"
- },
- {
- "name" : "hp-bac-unspec-xss(74640)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74640"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "48677",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48677"
+ },
+ {
+ "name": "HPSBMU02749",
+ "refsource": "HP",
+ "url": "http://www.securityfocus.com/archive/1/522204"
+ },
+ {
+ "name": "52880",
+ "refsource": "BID",
+ "url": "http://www.securityfocus.com/bid/52880"
+ },
+ {
+ "name": "SSRT100793",
+ "refsource": "HP",
+ "url": "http://www.securityfocus.com/archive/1/522204"
+ },
+ {
+ "name": "hp-bac-unspec-xss(74640)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74640"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0168.json b/2012/0xxx/CVE-2012-0168.json
index 60d7100be1c..7dc7b42d099 100644
--- a/2012/0xxx/CVE-2012-0168.json
+++ b/2012/0xxx/CVE-2012-0168.json
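Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `hp-security-alert@hp.com`, and it is the only value change in a hunk whose other lines differ in indentation, colon spacing and reference order only, under the subject `-Synchronized-Data.`. Consumers that attribute or filter records by `ASSIGNER` will see this record move to a different assigner, so the reassignment should be confirmed against the CNA of record and either carried in a commit of its own or named in the description. The same kind of change is visible in the sections for CVE-2012-0168 (`secure@microsoft.com`), CVE-2012-0246 (`cert@cert.org`), CVE-2012-0322 (`vultures@jpcert.or.jp`) and CVE-2012-0672 (`product-security@apple.com`), while the 2003 records in view keep `cve@mitre.org`.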
@@ -1,82 +1,82 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0168",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a \"Print table of links\" print operation, aka \"Print Feature Remote Code Execution Vulnerability.\""
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "secure@microsoft.com",
+ "ID": "CVE-2012-0168",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "MS12-023",
- "refsource" : "MS",
- "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023"
- },
- {
- "name" : "81126",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/81126"
- },
- {
- "name" : "oval:org.mitre.oval:def:15577",
- "refsource" : "OVAL",
- "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15577"
- },
- {
- "name" : "1026901",
- "refsource" : "SECTRACK",
- "url" : "http://www.securitytracker.com/id?1026901"
- },
- {
- "name" : "ie-html-page-code-exec(74379)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74379"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a \"Print table of links\" print operation, aka \"Print Feature Remote Code Execution Vulnerability.\""
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "oval:org.mitre.oval:def:15577",
+ "refsource": "OVAL",
+ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15577"
+ },
+ {
+ "name": "MS12-023",
+ "refsource": "MS",
+ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023"
+ },
+ {
+ "name": "1026901",
+ "refsource": "SECTRACK",
+ "url": "http://www.securitytracker.com/id?1026901"
+ },
+ {
+ "name": "81126",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/81126"
+ },
+ {
+ "name": "ie-html-page-code-exec(74379)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74379"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0246.json b/2012/0xxx/CVE-2012-0246.json
index 75a0e36b174..dcf4c1001ad 100644
--- a/2012/0xxx/CVE-2012-0246.json
+++ b/2012/0xxx/CVE-2012-0246.json
@@ -1,77 +1,77 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0246",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cert@cert.org",
+ "ID": "CVE-2012-0246",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf",
- "refsource" : "MISC",
- "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf"
- },
- {
- "name" : "80650",
- "refsource" : "OSVDB",
- "url" : "http://osvdb.org/80650"
- },
- {
- "name" : "48558",
- "refsource" : "SECUNIA",
- "url" : "http://secunia.com/advisories/48558"
- },
- {
- "name" : "integraxor-activex-directory-traversal(74388)",
- "refsource" : "XF",
- "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Directory traversal vulnerability in an unspecified ActiveX control in Ecava IntegraXor before 3.71.4200 allows remote attackers to execute arbitrary code via vectors involving an HTML document on the server."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "48558",
+ "refsource": "SECUNIA",
+ "url": "http://secunia.com/advisories/48558"
+ },
+ {
+ "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf",
+ "refsource": "MISC",
+ "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-083-01.pdf"
+ },
+ {
+ "name": "integraxor-activex-directory-traversal(74388)",
+ "refsource": "XF",
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74388"
+ },
+ {
+ "name": "80650",
+ "refsource": "OSVDB",
+ "url": "http://osvdb.org/80650"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0322.json b/2012/0xxx/CVE-2012-0322.json
index a716160dfa2..486bff37c58 100644
--- a/2012/0xxx/CVE-2012-0322.json
+++ b/2012/0xxx/CVE-2012-0322.json
@@ -1,67 +1,67 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-0322",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "vultures@jpcert.or.jp",
+ "ID": "CVE-2012-0322",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "JVN#08871006",
- "refsource" : "JVN",
- "url" : "http://jvn.jp/en/jp/JVN08871006/index.html"
- },
- {
- "name" : "JVNDB-2012-000020",
- "refsource" : "JVNDB",
- "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000020"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspecified function."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "JVNDB-2012-000020",
+ "refsource": "JVNDB",
+ "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000020"
+ },
+ {
+ "name": "JVN#08871006",
+ "refsource": "JVN",
+ "url": "http://jvn.jp/en/jp/JVN08871006/index.html"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/0xxx/CVE-2012-0672.json b/2012/0xxx/CVE-2012-0672.json
index b8eac328168..c07d1f799b5 100644
--- a/2012/0xxx/CVE-2012-0672.json
+++ b/2012/0xxx/CVE-2012-0672.json
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5282", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5282" - }, - { - "name" : "APPLE-SA-2012-05-07-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-05-09-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00002.html" - }, - { - "name" : "APPLE-SA-2012-06-11-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html" - }, - { - "name" : "53404", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53404" - }, - { - "name" : "47292", - "refsource" : "SECUNIA", - 
"url" : "http://secunia.com/advisories/47292" - }, - { - "name" : "appleios-webkit-code-execution(75431)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53404", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53404" + }, + { + "name": "APPLE-SA-2012-05-07-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5282", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5282" + }, + { + "name": "appleios-webkit-code-execution(75431)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75431" + }, + { + "name": "APPLE-SA-2012-05-09-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00002.html" + }, + { + "name": "APPLE-SA-2012-06-11-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html" + }, + { + "name": "47292", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47292" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1573.json b/2012/1xxx/CVE-2012-1573.json index 81568c700e8..4ea741c843b 100644 --- a/2012/1xxx/CVE-2012-1573.json +++ b/2012/1xxx/CVE-2012-1573.json 
@@ -1,192 +1,192 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1573", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1573", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120320 Mu Dynamics, Inc. 
Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" - }, - { - "name" : "[gnutls-devel] 20120302 gnutls 2.12.16", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" - }, - { - "name" : "[gnutls-devel] 20120302 gnutls 3.0.15", - "refsource" : "MLIST", - "url" : "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" - }, - { - "name" : "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/21/4" - }, - { - "name" : "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/21/5" - }, - { - "name" : "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", - "refsource" : "MISC", - "url" : "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" - }, - { - "name" : "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d" - }, - { - "name" : "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185", - "refsource" : "CONFIRM", - "url" : "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185" - }, - { - "name" : "http://www.gnu.org/software/gnutls/security.html", - "refsource" : "CONFIRM", - "url" : "http://www.gnu.org/software/gnutls/security.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=805432", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=805432" - }, - { - "name" : "DSA-2441", - 
"refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2441" - }, - { - "name" : "FEDORA-2012-4569", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" - }, - { - "name" : "FEDORA-2012-4578", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" - }, - { - "name" : "MDVSA-2012:040", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" - }, - { - "name" : "RHSA-2012:0429", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0429.html" - }, - { - "name" : "RHSA-2012:0488", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0488.html" - }, - { - "name" : "RHSA-2012:0531", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0531.html" - }, - { - "name" : "SUSE-SU-2014:0320", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" - }, - { - "name" : "USN-1418-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1418-1" - }, - { - "name" : "52667", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52667" - }, - { - "name" : "80259", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80259" - }, - { - "name" : "1026828", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026828" - }, - { - "name" : "48596", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48596" - }, - { - "name" : "48488", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48488" - }, - { - "name" : "48712", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48712" - }, - { - "name" : "57260", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/57260" - }, - { - "name" : "48511", - "refsource" : "SECUNIA", - "url" : 
"http://secunia.com/advisories/48511" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1418-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1418-1" + }, + { + "name": "57260", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/57260" + }, + { + "name": "RHSA-2012:0531", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html" + }, + { + "name": "[gnutls-devel] 20120302 gnutls 3.0.15", + "refsource": "MLIST", + "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912" + }, + { + "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=805432", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432" + }, + { + "name": "48511", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48511" + }, + { + "name": "80259", + "refsource": "OSVDB", + "url": "http://osvdb.org/80259" + }, + { + "name": "52667", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52667" + }, + { + "name": "[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling 
issue / MU-201202-01", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5" + }, + { + "name": "48488", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48488" + }, + { + "name": "48712", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48712" + }, + { + "name": "http://www.gnu.org/software/gnutls/security.html", + "refsource": "CONFIRM", + "url": "http://www.gnu.org/software/gnutls/security.html" + }, + { + "name": "1026828", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026828" + }, + { + "name": "FEDORA-2012-4569", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html" + }, + { + "name": "FEDORA-2012-4578", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html" + }, + { + "name": "RHSA-2012:0488", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html" + }, + { + "name": "SUSE-SU-2014:0320", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html" + }, + { + "name": "48596", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48596" + }, + { + "name": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/", + "refsource": "MISC", + "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/" + }, + { + "name": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d", + "refsource": "CONFIRM", + "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d" + }, + { + "name": "[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4" + }, + { + "name": "[gnutls-devel] 20120302 gnutls 2.12.16", + "refsource": "MLIST", + 
"url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910" + }, + { + "name": "DSA-2441", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2441" + }, + { + "name": "MDVSA-2012:040", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040" + }, + { + "name": "RHSA-2012:0429", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html" + }, + { + "name": "20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1680.json b/2012/1xxx/CVE-2012-1680.json index 2e76ec87b85..efdce42fedb 100644 --- a/2012/1xxx/CVE-2012-1680.json +++ b/2012/1xxx/CVE-2012-1680.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Apps - Multi-channel Technologies." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel 
Apps - Multi-channel Technologies." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1811.json b/2012/1xxx/CVE-2012-1811.json index db80b087896..e7385e04fcd 100644 --- a/2012/1xxx/CVE-2012-1811.json +++ b/2012/1xxx/CVE-2012-1811.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1811", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers to cause a denial of service by sending a large amount of data to TCP port 24006." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2012-1811", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf" - }, - { - "name" : "56364", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56364" - }, - { - "name" : "51171", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51171" - }, - { - "name" : "eoscada-eosdataserver-dos(79754)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79754" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote attackers 
to cause a denial of service by sending a large amount of data to TCP port 24006." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51171", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51171" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-271-01.pdf" + }, + { + "name": "56364", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56364" + }, + { + "name": "eoscada-eosdataserver-dos(79754)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79754" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1856.json b/2012/1xxx/CVE-2012-1856.json index 29793d40483..7f026c895e5 100644 --- a/2012/1xxx/CVE-2012-1856.json +++ b/2012/1xxx/CVE-2012-1856.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1856", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka \"MSCOMCTL.OCX RCE Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-1856", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-060", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060" - }, - { - "name" : "TA12-227A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" - }, - { - "name" : "54948", - 
"refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54948" - }, - { - "name" : "oval:org.mitre.oval:def:15447", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka \"MSCOMCTL.OCX RCE Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MS12-060", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060" + }, + { + "name": "oval:org.mitre.oval:def:15447", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447" + }, + { + "name": "TA12-227A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" + }, + { + "name": "54948", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54948" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1967.json b/2012/1xxx/CVE-2012-1967.json index 3b7733c38f4..2efea65652f 100644 --- a/2012/1xxx/CVE-2012-1967.json +++ b/2012/1xxx/CVE-2012-1967.json 
@@ -1,197 +1,197 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1967", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1967", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-56.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-56.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=758344", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=758344" - }, - { - "name" : "DSA-2528", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2528" - }, - { - "name" : "DSA-2514", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2514" - }, - { - "name" : 
"RHSA-2012:1088", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1088.html" - }, - { - "name" : "openSUSE-SU-2012:0899", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" - }, - { - "name" : "openSUSE-SU-2012:0917", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:0895", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" - }, - { - "name" : "SUSE-SU-2012:0896", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" - }, - { - "name" : "USN-1509-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-1" - }, - { - "name" : "USN-1509-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1509-2" - }, - { - "name" : "USN-1510-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1510-1" - }, - { - "name" : "54573", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54573" - }, - { - "name" : "84013", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/84013" - }, - { - "name" : "oval:org.mitre.oval:def:17025", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17025" - }, - { - "name" : "1027256", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027256" - }, - { - "name" : "1027257", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027257" - }, - { - "name" : "1027258", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027258" - }, - { - "name" : "49965", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49965" - }, - { - "name" : "49972", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49972" - }, - { - "name" : "49992", - 
"refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49992" - }, - { - "name" : "49963", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49963" - }, - { - "name" : "49964", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49964" - }, - { - "name" : "49968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49968" - }, - { - "name" : "49977", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49977" - }, - { - "name" : "49979", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49979" - }, - { - "name" : "49993", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49993" - }, - { - "name" : "49994", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49994" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49977", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49977" + }, + { + "name": "49992", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49992" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-56.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-56.html" + }, + { + "name": "DSA-2514", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2514" + }, + { + "name": "DSA-2528", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2528" + }, + { + "name": "1027256", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027256" + }, + { + "name": "RHSA-2012:1088", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1088.html" + }, + { + "name": "49963", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49963" + }, + { + "name": "84013", + "refsource": "OSVDB", + "url": "http://osvdb.org/84013" + }, + { + "name": "USN-1509-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-2" + }, + { + "name": "1027258", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027258" + }, + { + "name": "oval:org.mitre.oval:def:17025", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17025" + }, + { + "name": "49979", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49979" + }, + { + "name": "SUSE-SU-2012:0895", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00011.html" + }, + { + "name": "USN-1510-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1510-1" + }, + { + "name": "49965", + "refsource": 
"SECUNIA", + "url": "http://secunia.com/advisories/49965" + }, + { + "name": "1027257", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027257" + }, + { + "name": "openSUSE-SU-2012:0917", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00016.html" + }, + { + "name": "54573", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54573" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=758344", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=758344" + }, + { + "name": "49964", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49964" + }, + { + "name": "SUSE-SU-2012:0896", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00012.html" + }, + { + "name": "49994", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49994" + }, + { + "name": "openSUSE-SU-2012:0899", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00013.html" + }, + { + "name": "49968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49968" + }, + { + "name": "USN-1509-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1509-1" + }, + { + "name": "49993", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49993" + }, + { + "name": "49972", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49972" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3267.json b/2012/3xxx/CVE-2012-3267.json index 412de59d925..7ac232af068 100644 --- a/2012/3xxx/CVE-2012-3267.json +++ b/2012/3xxx/CVE-2012-3267.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "hp-security-alert@hp.com", + "ID": "CVE-2012-3267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "HPSBMU02817", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03507708" - }, - { - "name" : "SSRT100950", - "refsource" : "HP", - "url" : "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03507708" - }, - { - "name" : "55773", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55773" - }, - { - "name" : "85891", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/85891" - }, - { - "name" : "1027605", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027605" - }, - { - "name" : "50861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50861" - }, - { - "name" : "hp-nnmi-info-disc(79017)", - "refsource" : "XF", - 
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79017" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 allows remote attackers to obtain sensitive information via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "hp-nnmi-info-disc(79017)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79017" + }, + { + "name": "1027605", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027605" + }, + { + "name": "55773", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55773" + }, + { + "name": "50861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50861" + }, + { + "name": "HPSBMU02817", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03507708" + }, + { + "name": "SSRT100950", + "refsource": "HP", + "url": "http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03507708" + }, + { + "name": "85891", + "refsource": "OSVDB", + "url": "http://osvdb.org/85891" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3446.json b/2012/3xxx/CVE-2012-3446.json index c250aed7cf4..9a884e19676 100644 --- a/2012/3xxx/CVE-2012-3446.json +++ b/2012/3xxx/CVE-2012-3446.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3446", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3446", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", - "refsource" : "MISC", - "url" : "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" - }, - { - "name" : "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a 
domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES", + "refsource": "CONFIRM", + "url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES" + }, + { + "name": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf", + "refsource": "MISC", + "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3471.json b/2012/3xxx/CVE-2012-3471.json index 9462bcf6946..66d41c8a728 100644 --- a/2012/3xxx/CVE-2012-3471.json +++ b/2012/3xxx/CVE-2012-3471.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3471", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-3471", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120809 Re: CVE request for Ushahidi", - "refsource" : "MLIST", - "url" : "http://openwall.com/lists/oss-security/2012/08/09/5" - }, - { - "name" : "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0", - "refsource" : "CONFIRM", - "url" : "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) 
application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120809 Re: CVE request for Ushahidi", + "refsource": "MLIST", + "url": "http://openwall.com/lists/oss-security/2012/08/09/5" + }, + { + "name": "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0", + "refsource": "CONFIRM", + "url": "https://github.com/ushahidi/Ushahidi_Web/commit/3f14fa0" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4275.json b/2012/4xxx/CVE-2012-4275.json index b94482582e8..24344df3446 100644 --- a/2012/4xxx/CVE-2012-4275.json +++ b/2012/4xxx/CVE-2012-4275.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4275", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4275", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html" - }, - { - "name" : "49144", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 before 03-00-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "49144", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49144" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-014/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4285.json b/2012/4xxx/CVE-2012-4285.json index c8f5c39fa24..5a43cce8b29 100644 --- a/2012/4xxx/CVE-2012-4285.json +++ b/2012/4xxx/CVE-2012-4285.json 
@@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4285", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4285", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=44247&r2=44246&pathrev=44247", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=44247&r2=44246&pathrev=44247" - }, - { - "name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44247", - "refsource" : "CONFIRM", - "url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44247" - }, - { - "name" : "http://www.wireshark.org/security/wnpa-sec-2012-13.html", - "refsource" : "CONFIRM", - "url" : "http://www.wireshark.org/security/wnpa-sec-2012-13.html" - }, - { - 
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7566", - "refsource" : "CONFIRM", - "url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7566" - }, - { - "name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", - "refsource" : "CONFIRM", - "url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" - }, - { - "name" : "GLSA-201308-05", - "refsource" : "GENTOO", - "url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" - }, - { - "name" : "RHSA-2013:0125", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0125.html" - }, - { - "name" : "openSUSE-SU-2012:1067", - "refsource" : "SUSE", - "url" : "https://hermes.opensuse.org/messages/15514562" - }, - { - "name" : "openSUSE-SU-2012:1035", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" - }, - { - "name" : "55035", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55035" - }, - { - "name" : "oval:org.mitre.oval:def:15712", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15712" - }, - { - "name" : "51363", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51363" - }, - { - "name" : "50276", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50276" - }, - { - "name" : "54425", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54425" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "55035", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55035" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=44247&r2=44246&pathrev=44247", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=44247&r2=44246&pathrev=44247" + }, + { + "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7566", + "refsource": "CONFIRM", + "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7566" + }, + { + "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44247", + "refsource": "CONFIRM", + "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44247" + }, + { + "name": "54425", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54425" + }, + { + "name": "RHSA-2013:0125", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0125.html" + }, + { + "name": "oval:org.mitre.oval:def:15712", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15712" + }, + { + "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", + "refsource": "CONFIRM", + "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" + }, + { + "name": "GLSA-201308-05", + "refsource": "GENTOO", + "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" + }, + { + "name": "51363", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51363" + }, + { + "name": "openSUSE-SU-2012:1035", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00033.html" + }, + { + "name": "http://www.wireshark.org/security/wnpa-sec-2012-13.html", + 
"refsource": "CONFIRM", + "url": "http://www.wireshark.org/security/wnpa-sec-2012-13.html" + }, + { + "name": "50276", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50276" + }, + { + "name": "openSUSE-SU-2012:1067", + "refsource": "SUSE", + "url": "https://hermes.opensuse.org/messages/15514562" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4324.json b/2012/4xxx/CVE-2012-4324.json index 9bc033f93e2..5658f677a95 100644 --- a/2012/4xxx/CVE-2012-4324.json +++ b/2012/4xxx/CVE-2012-4324.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://packetstormsecurity.org/files/111564/Vacation-Rental-Listing-Cross-Site-Request-Forgery.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111564/Vacation-Rental-Listing-Cross-Site-Request-Forgery.html" - }, - { - "name" : "80948", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80948" - }, - { - "name" : "vacationrentallisting-index-csrf(74683)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74683" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site 
request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "vacationrentallisting-index-csrf(74683)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74683" + }, + { + "name": "http://packetstormsecurity.org/files/111564/Vacation-Rental-Listing-Cross-Site-Request-Forgery.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111564/Vacation-Rental-Listing-Cross-Site-Request-Forgery.html" + }, + { + "name": "80948", + "refsource": "OSVDB", + "url": "http://osvdb.org/80948" + } + ] + } +} \ No newline at end of file diff --git a/2017/1002xxx/CVE-2017-1002015.json b/2017/1002xxx/CVE-2017-1002015.json index 7270e0f56c1..a9e76659a30 100644 --- a/2017/1002xxx/CVE-2017-1002015.json +++ b/2017/1002xxx/CVE-2017-1002015.json 
@@ -1,71 +1,71 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve-assign@distributedweaknessfiling.org", - "DATE_ASSIGNED" : "2017-04-01", - "ID" : "CVE-2017-1002015", - "REQUESTER" : "kurt@seifried.org", - "STATE" : "PUBLIC", - "UPDATED" : "2017-08-10T14:41Z" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "image-gallery-with-slideshow", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "1.5.2" - } - ] - } - } - ] - }, - "vendor_name" : "Anblik" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "larry0@me.com", + "DATE_ASSIGNED": "2017-04-01", + "ID": "CVE-2017-1002015", + "REQUESTER": "kurt@seifried.org", + "STATE": "PUBLIC", + "UPDATED": "2017-08-10T14:41Z" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "image-gallery-with-slideshow", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "1.5.2" + } + ] + } + } + ] + }, + "vendor_name": "Anblik" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.vapidlabs.com/advisory.php?v=189", - "refsource" : "MISC", - "url" : "http://www.vapidlabs.com/advisory.php?v=189" - }, - { - "name" : "https://wordpress.org/plugins/image-gallery-with-slideshow/", - "refsource" : "MISC", - "url" : "https://wordpress.org/plugins/image-gallery-with-slideshow/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + 
"data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://wordpress.org/plugins/image-gallery-with-slideshow/", + "refsource": "MISC", + "url": "https://wordpress.org/plugins/image-gallery-with-slideshow/" + }, + { + "name": "http://www.vapidlabs.com/advisory.php?v=189", + "refsource": "MISC", + "url": "http://www.vapidlabs.com/advisory.php?v=189" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2611.json b/2017/2xxx/CVE-2017-2611.json index c21fe90db9b..ad2d9704128 100644 --- a/2017/2xxx/CVE-2017-2611.json +++ b/2017/2xxx/CVE-2017-2611.json 
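Review bot: In CVE-2017-1002015.json the structured range and the description disagree. `version_data` keeps `"version_affected": "<"` with `"version_value": "1.5.2"`, which excludes 1.5.2, while the description names v1.5.2 as the vulnerable release. A consumer that matches on the structured range would treat an installed 1.5.2 as unaffected. If the linked advisory confirms that 1.5.2 is vulnerable, the entry should read `"version_affected": "<="` (or `"="` if only that release is affected). This sync carries the old value over unchanged.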
@@ -1,90 +1,90 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2017-2611", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "jenkins", - "version" : { - "version_data" : [ - { - "version_value" : "jenkins 2.44" - }, - { - "version_value" : " jenkins 2.32.2" - } - ] - } - } - ] - }, - "vendor_name" : "" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-358" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2611", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "jenkins", + "version": { + "version_data": [ + { + "version_value": "jenkins 2.44" + }, + { + "version_value": " jenkins 2.32.2" + } + ] + } + } + ] + }, + "vendor_name": "" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611" - }, - { - "name" : 
"https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", - "refsource" : "CONFIRM", - "url" : "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86" - }, - { - "name" : "https://jenkins.io/security/advisory/2017-02-01/", - "refsource" : "CONFIRM", - "url" : "https://jenkins.io/security/advisory/2017-02-01/" - }, - { - "name" : "95956", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95956" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient permission check for periodic processes (SECURITY-389). The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents." 
+ } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-358" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jenkins.io/security/advisory/2017-02-01/", + "refsource": "CONFIRM", + "url": "https://jenkins.io/security/advisory/2017-02-01/" + }, + { + "name": "95956", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95956" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2611" + }, + { + "name": "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86", + "refsource": "CONFIRM", + "url": "https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301a5173b9fa86" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2691.json b/2017/2xxx/CVE-2017-2691.json index 094b0523cd8..1b3f9647e00 100644 --- a/2017/2xxx/CVE-2017-2691.json +++ b/2017/2xxx/CVE-2017-2691.json 
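Review bot: The `version_data` entries in CVE-2017-2611.json list the fixed releases as if they were the affected ones. `"version_value": "jenkins 2.44"` and `" jenkins 2.32.2"` have no `version_affected`, repeat the product name, and the second has a leading space, whereas the description says Jenkins before 2.44 and 2.32.2 is affected. I would write them as `"version_affected": "<", "version_value": "2.44"` and `"version_affected": "<", "version_value": "2.32.2"` so that automated matching does not miss older installs. The `vectorString` also has the base score prepended, and `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"` is the form a CVSS parser will accept. `"vendor_name": ""` is left empty as well.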
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2691", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Huawei P9", - "version" : { - "version_data" : [ - { - "version_value" : "Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373," - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Lock-screen Bypass" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2691", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Huawei P9", + "version": { + "version_data": [ + { + "version_value": "Versions earlier before EVA-AL10C00B373, Versions earlier before EVA-CL00C92B373, Versions earlier before EVA-DL00C17B373, Versions earlier before EVA-TL00C01B373," + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en" - }, - { - "name" : "95658", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95658" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force the phone to the fastboot mode and delete the user's password file during the reboot process, then login the phone without screen lock password after reboot." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Lock-screen Bypass" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95658", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95658" + }, + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170118-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2718.json b/2017/2xxx/CVE-2017-2718.json index 36662f4c567..816b13d7369 100644 --- a/2017/2xxx/CVE-2017-2718.json +++ b/2017/2xxx/CVE-2017-2718.json 
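Review bot: The single `version_value` in CVE-2017-2691.json packs four build identifiers into one free-text string ("Versions earlier before EVA-AL10C00B373, …") that ends in a trailing comma, so no tool can compare it against an installed build. Each build should be its own `version_data` entry, for example `"version_affected": "<", "version_value": "EVA-AL10C00B373"`, repeated for EVA-CL00C92B373, EVA-DL00C17B373 and EVA-TL00C01B373. The sync re-indents the record but carries the prose value over as it was.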
@@ -1,69 +1,69 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-2718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FusionSphere OpenStack", - "version" : { - "version_data" : [ - { - "version_value" : "V100R006C00£" - }, - { - "version_value" : "¬" - }, - { - "version_value" : "V100R006C10RC2" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Command Injection" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-2718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FusionSphere OpenStack", + "version": { + "version_data": [ + { + "version_value": "V100R006C00£" + }, + { + "version_value": "¬" + }, + { + "version_value": "V100R006C10RC2" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Command Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2833.json b/2017/2xxx/CVE-2017-2833.json index fdd130e98ba..b3cfa15368d 100644 --- a/2017/2xxx/CVE-2017-2833.json +++ b/2017/2xxx/CVE-2017-2833.json 
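Review bot: Two of the three `version_value` entries for FusionSphere OpenStack are corrupted on the new side: `"V100R006C00£"` carries a trailing `£`, and the middle entry is just `"¬"`, which looks like a mis-decoded list separator rather than a version. The description in the same record names only V100R006C00 and V100R006C10RC2, so an exact-match lookup on the first value fails and the `¬` entry is noise in any affected-version index. This reformat would be a good point to store `"version_value": "V100R006C00"` and drop the `"¬"` element. If the corruption came from the sync tooling rather than the submitter, its read and write encoding should be checked as well.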
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "talos-cna@cisco.com", - "DATE_PUBLIC" : "2017-06-19T00:00:00", - "ID" : "CVE-2017-2833", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Indoor IP Camera", - "version" : { - "version_data" : [ - { - "version_value" : "C1 Series" - } - ] - } - } - ] - }, - "vendor_name" : "Foscam" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "command injection" - } + "CVE_data_meta": { + "ASSIGNER": "talos-cna@cisco.com", + "DATE_PUBLIC": "2017-06-19T00:00:00", + "ID": "CVE-2017-2833", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Indoor IP Camera", + "version": { + "version_data": [ + { + "version_value": "C1 Series" + } + ] + } + } + ] + }, + "vendor_name": "Foscam" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0334", - "refsource" : "MISC", - "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0334" - }, - { - "name" : "99184", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99184" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "command injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "99184", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99184" + }, + { + "name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0334", + "refsource": "MISC", + "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0334" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3962.json b/2017/3xxx/CVE-2017-3962.json index 81c429211ac..87336fdcb48 100644 --- a/2017/3xxx/CVE-2017-3962.json +++ b/2017/3xxx/CVE-2017-3962.json 
@@ -1,86 +1,86 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@mcafee.com", - "ID" : "CVE-2017-3962", - "STATE" : "PUBLIC", - "TITLE" : "McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Network Security Management (NSM)", - "version" : { - "version_data" : [ - { - "affected" : "<", - "platform" : "x86", - "version_name" : "8", - "version_value" : "8.2.7.42.2" - } - ] - } - } - ] - }, - "vendor_name" : "McAfee" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes." - } - ] - }, - "impact" : { - "cvss" : { - "attackComplexity" : "HIGH", - "attackVector" : "NETWORK", - "availabilityImpact" : "LOW", - "baseScore" : 5.6, - "baseSeverity" : "MEDIUM", - "confidentialityImpact" : "LOW", - "integrityImpact" : "LOW", - "privilegesRequired" : "NONE", - "scope" : "UNCHANGED", - "userInteraction" : "NONE", - "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Password recovery exploitation vulnerability\n" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@mcafee.com", + "ID": "CVE-2017-3962", + "STATE": "PUBLIC", + "TITLE": "McAfee Network Security Management (NSM) - Password recovery exploitation vulnerability" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Network Security Management (NSM)", + "version": { + "version_data": [ + { + "affected": "<", + "platform": "x86", + 
"version_name": "8", + "version_value": "8.2.7.42.2" + } + ] + } + } + ] + }, + "vendor_name": "McAfee" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", - "refsource" : "CONFIRM", - "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" - } - ] - }, - "source" : { - "advisory" : "SB10192", - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Password recovery exploitation vulnerability in the non-certificate-based authentication mechanism in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows attackers to crack user passwords via unsalted hashes." + } + ] + }, + "impact": { + "cvss": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "version": "3.0" + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Password recovery exploitation vulnerability\n" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192", + "refsource": "CONFIRM", + "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10192" + } + ] + }, + "source": { + "advisory": "SB10192", + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6065.json b/2017/6xxx/CVE-2017-6065.json index 44132998c3c..513350f8427 100644 --- a/2017/6xxx/CVE-2017-6065.json +++ b/2017/6xxx/CVE-2017-6065.json 
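Review bot: The `problemtype` description value ends in an escaped newline, `"Password recovery exploitation vulnerability\n"`, and the reformat keeps it. Consumers that group or filter records by exact problem-type text will treat it as a different category from the same phrase without the newline. Storing `"value": "Password recovery exploitation vulnerability"` avoids that. Since the description attributes the issue to unsalted password hashes, a CWE identifier such as CWE-759 would aggregate better than free text, in the way the CVE-2017-7470 record uses `CWE-863`.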
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6065", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6065", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/semplon/GeniXCMS/issues/71", - "refsource" : "MISC", - "url" : "https://github.com/semplon/GeniXCMS/issues/71" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in inc/lib/Control/Backend/menus.control.php in GeniXCMS through 1.0.2 allows remote authenticated users to execute arbitrary SQL commands via the order parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/semplon/GeniXCMS/issues/71", + "refsource": "MISC", + "url": "https://github.com/semplon/GeniXCMS/issues/71" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6197.json b/2017/6xxx/CVE-2017-6197.json index 96901390d8a..09561213940 100644 --- a/2017/6xxx/CVE-2017-6197.json +++ b/2017/6xxx/CVE-2017-6197.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6197", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6197", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989" - }, - { - "name" : "https://github.com/radare/radare2/issues/6816", - "refsource" : "CONFIRM", - "url" : "https://github.com/radare/radare2/issues/6816" - }, - { - "name" : "96433", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96433" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The r_read_* functions in libr/include/r_endian.h in 
radare2 1.2.1 allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted binary file, as demonstrated by the r_read_le32 function." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/radare/radare2/issues/6816", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/issues/6816" + }, + { + "name": "https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989", + "refsource": "CONFIRM", + "url": "https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989" + }, + { + "name": "96433", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96433" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6282.json b/2017/6xxx/CVE-2017-6282.json index 2da72cebafd..e7fb8b3b53f 100644 --- a/2017/6xxx/CVE-2017-6282.json +++ b/2017/6xxx/CVE-2017-6282.json 
@@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@nvidia.com", - "DATE_PUBLIC" : "2018-02-26T00:00:00", - "ID" : "CVE-2017-6282", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "SHIELD TV", - "version" : { - "version_data" : [ - { - "version_value" : "NA" - } - ] - } - } - ] - }, - "vendor_name" : "Nvidia Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Escalation of Pivileges" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@nvidia.com", + "DATE_PUBLIC": "2018-02-26T00:00:00", + "ID": "CVE-2017-6282", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "SHIELD TV", + "version": { + "version_data": [ + { + "version_value": "NA" + } + ] + } + } + ] + }, + "vendor_name": "Nvidia Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631", - "refsource" : "CONFIRM", - "url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an attacker has the ability to write an arbitrary value to an arbitrary location which may lead to an escalation of privileges. This issue is rated as high." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Escalation of Pivileges" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631", + "refsource": "CONFIRM", + "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6466.json b/2017/6xxx/CVE-2017-6466.json index 04ab61aaf85..a8d9d68c96e 100644 --- a/2017/6xxx/CVE-2017-6466.json +++ b/2017/6xxx/CVE-2017-6466.json 
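Review bot: The `problemtype` value `"Escalation of Pivileges"` is misspelled and the new side carries it over unchanged. Free-text problem types are commonly bucketed by string match, so this record drops out of a privilege-escalation grouping; `"value": "Escalation of Privileges"` fixes it. The `version_value` of `"NA"` also differs from the `"n/a"` placeholder used by the other records on this page, which matters to tooling that special-cases the placeholder.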
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6466", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6466", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Mar/28", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Mar/28" - }, - { - "name" : "96784", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96784" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download. Man-in-the-middle attackers can replace the file with their own executable which will be executed under the SYSTEM account. Note that when Software Updater is configured to install updates automatically, it checks if the downloaded file is digitally signed by default, but does not check the author of the signature. When running in manual mode (default), no signature check is performed." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://seclists.org/fulldisclosure/2017/Mar/28", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Mar/28" + }, + { + "name": "96784", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96784" + } + ] + } +} \ No newline at end of file 
diff --git a/2017/6xxx/CVE-2017-6916.json b/2017/6xxx/CVE-2017-6916.json index 2dbf6cd8433..367dc05b5b1 100644 --- a/2017/6xxx/CVE-2017-6916.json +++ b/2017/6xxx/CVE-2017-6916.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6916", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6916", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf" - }, - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/275", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf" + }, + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/275", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/275" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7279.json b/2017/7xxx/CVE-2017-7279.json index d101b4a1fe8..cb6a40a190e 100644 --- a/2017/7xxx/CVE-2017-7279.json +++ b/2017/7xxx/CVE-2017-7279.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the \"token\" cookie issued at login." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/", - "refsource" : "MISC", - "url" : "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 web server can escalate to root privileges by modifying the \"token\" cookie issued at login." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/", + "refsource": "MISC", + "url": "https://rhinosecuritylabs.com/research/remote-code-execution-bug-hunting-chapter-1/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7470.json b/2017/7xxx/CVE-2017-7470.json index 5ce0c25b9cc..40ec66544bb 100644 --- a/2017/7xxx/CVE-2017-7470.json +++ b/2017/7xxx/CVE-2017-7470.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sfowler@redhat.com", - "ID" : "CVE-2017-7470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "spacewalk-backend", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-863" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-7470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "spacewalk-backend", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470" - }, - { - "name" : "RHSA-2017:1259", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1259" - }, - { - "name" : "98569", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98569" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": 
"eng", + "value": "It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-863" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1259", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1259" + }, + { + "name": "98569", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98569" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7470" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7614.json b/2017/7xxx/CVE-2017-7614.json index ebf8a05b3ec..0e790027524 100644 --- a/2017/7xxx/CVE-2017-7614.json +++ b/2017/7xxx/CVE-2017-7614.json 
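Review bot: The `impact.cvss` value in the CVE-2017-7470 record is an array nested inside another array, and its `vectorString` is `"6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"`, with the base score glued to the front of the vector. A parser that expects the object shape used by the CVE-2017-3962 record on this page (separate `baseScore` and `vectorString` keys) will either reject the vector or silently record no severity for this entry. That matters for triage pipelines that prioritise on CVSS. The reformat keeps this shape, so it would be worth normalising here to `"cvss": { "baseScore": 6.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }`.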
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/" - }, - { - "name" : "GLSA-201709-02", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201709-02" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as 
distributed in GNU Binutils 2.28, has a \"member access within null pointer\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an \"int main() {return 0;}\" program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/" + }, + { + "name": "GLSA-201709-02", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201709-02" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7739.json b/2017/7xxx/CVE-2017-7739.json index b7a584abe00..a90069c0f6b 100644 --- a/2017/7xxx/CVE-2017-7739.json +++ b/2017/7xxx/CVE-2017-7739.json 
@@ -1,79 +1,79 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@fortinet.com", - "DATE_PUBLIC" : "2017-11-03T00:00:00", - "ID" : "CVE-2017-7739", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FortiOS", - "version" : { - "version_data" : [ - { - "version_value" : "5.6.0" - }, - { - "version_value" : "5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0" - }, - { - "version_value" : "5.2.11, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Fortinet, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site Scripting (XSS)" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@fortinet.com", + "DATE_PUBLIC": "2017-11-03T00:00:00", + "ID": "CVE-2017-7739", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FortiOS", + "version": { + "version_data": [ + { + "version_value": "5.6.0" + }, + { + "version_value": "5.4.5, 5.4.4, 5.4.3, 5.4.2, 5.4.1, 5.4.0" + }, + { + "version_value": "5.2.11, 5.2.10, 5.2.9, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0" + } + ] + } + } + ] + }, + "vendor_name": "Fortinet, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://fortiguard.com/advisory/FG-IR-17-168", - "refsource" : "CONFIRM", - "url" : "https://fortiguard.com/advisory/FG-IR-17-168" - }, - { - "name" : "101679", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/101679" - }, - { - "name" : "1039741", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039741" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site Scripting (XSS)" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "101679", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/101679" + }, + { + "name": "1039741", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039741" + }, + { + "name": "https://fortiguard.com/advisory/FG-IR-17-168", + "refsource": "CONFIRM", + "url": "https://fortiguard.com/advisory/FG-IR-17-168" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10603.json b/2018/10xxx/CVE-2018-10603.json index b1d5818fbfe..b6604caa4ce 100644 --- a/2018/10xxx/CVE-2018-10603.json +++ b/2018/10xxx/CVE-2018-10603.json 
@@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-05-22T00:00:00", - "ID" : "CVE-2018-10603", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TELEM GW6", - "version" : { - "version_data" : [ - { - "version_value" : "2018.04.18-linux_4-01-601cb47 and prior" - } - ] - } - }, - { - "product_name" : "TELEM GWM", - "version" : { - "version_data" : [ - { - "version_value" : "2018.04.18-linux_4-01-601cb47 and prior" - } - ] - } - } - ] - }, - "vendor_name" : "Martem" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-05-22T00:00:00", + "ID": "CVE-2018-10603", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TELEM GW6", + "version": { + "version_data": [ + { + "version_value": "2018.04.18-linux_4-01-601cb47 and prior" + } + ] + } + }, + { + "product_name": "TELEM GWM", + "version": { + "version_data": [ + { + "version_value": "2018.04.18-linux_4-01-601cb47 and prior" + } + ] + } + } + ] + }, + "vendor_name": "Martem" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01" - }, - { - "name" : "104286", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not perform authentication of IEC-104 control commands, which may allow a rogue node a remote control of the industrial process." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-142-01" + }, + { + "name": "104286", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104286" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10790.json b/2018/10xxx/CVE-2018-10790.json index 9319db729f1..7a7cebe5bd2 100644 --- a/2018/10xxx/CVE-2018-10790.json +++ b/2018/10xxx/CVE-2018-10790.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10790", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10790", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10866.json b/2018/10xxx/CVE-2018-10866.json index cbc96996900..0f4a474e74e 100644 --- a/2018/10xxx/CVE-2018-10866.json +++ b/2018/10xxx/CVE-2018-10866.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10866", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10866", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10937.json b/2018/10xxx/CVE-2018-10937.json index 902d71cf560..261e46299b2 100644 --- a/2018/10xxx/CVE-2018-10937.json +++ b/2018/10xxx/CVE-2018-10937.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10937", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Openshift Container Platform", - "version" : { - "version_data" : [ - { - "version_value" : "3.11" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "4.6/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-79" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10937", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Openshift Container Platform", + "version": { + "version_data": [ + { + "version_value": "3.11" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937" - }, - { - "name" : "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c", - "refsource" : "CONFIRM", - "url" : "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c" - }, - { - "name" : "https://github.com/openshift/console/pull/461", - "refsource" : "CONFIRM", - 
"url" : "https://github.com/openshift/console/pull/461" - }, - { - "name" : "105190", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105190" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A cross site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. An attacker with the ability to create pods can use this flaw to perform actions on the K8s API as the victim." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "4.6/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-79" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937" + }, + { + "name": "105190", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105190" + }, + { + "name": "https://github.com/openshift/console/pull/461", + "refsource": "CONFIRM", + "url": "https://github.com/openshift/console/pull/461" + }, + { + "name": "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c", + "refsource": "CONFIRM", + "url": "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10949.json b/2018/10xxx/CVE-2018-10949.json index 93f9a0ecd04..da5fa9fdc22 100644 --- a/2018/10xxx/CVE-2018-10949.json +++ b/2018/10xxx/CVE-2018-10949.json 
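Review bot: The `vectorString` under `impact.cvss` on the new side of the CVE-2018-10937 record is `4.6/CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L`, which puts the base score in front of the vector. A consumer that validates the field as a CVSS v3.0 vector (which begins with `CVSS:3.0/`) will likely reject or mis-parse it, and the record then loses its severity in triage tooling. I would keep the vector as `"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"` and carry the score in its own field, e.g. `"baseScore": 4.6`. The `cvss` value is also an array nested inside an array, which looks unintended. The `tetonic-console` spelling in the description is probably a typo for the component name and is worth confirming with the assigner.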
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the \"HTTP 404 - account is not active\" and \"HTTP 401 - must authenticate\" errors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=108962", - "refsource" : "MISC", - "url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=108962" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the \"HTTP 404 - account is not active\" and \"HTTP 401 - must authenticate\" errors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962", + "refsource": "MISC", + "url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108962" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14007.json b/2018/14xxx/CVE-2018-14007.json index cdefe3e4ab1..eee99224a98 100644 --- a/2018/14xxx/CVE-2018-14007.json +++ b/2018/14xxx/CVE-2018-14007.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14007", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Citrix XenServer 7.1 and newer allows Directory Traversal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14007", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://xenbits.xen.org/xsa/advisory-271.html", - "refsource" : "CONFIRM", - "url" : "http://xenbits.xen.org/xsa/advisory-271.html" - }, - { - "name" : "https://support.citrix.com/article/CTX236548", - "refsource" : "CONFIRM", - "url" : "https://support.citrix.com/article/CTX236548" - }, - { - "name" : "105110", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105110" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Citrix XenServer 7.1 and newer allows Directory Traversal." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://xenbits.xen.org/xsa/advisory-271.html", + "refsource": "CONFIRM", + "url": "http://xenbits.xen.org/xsa/advisory-271.html" + }, + { + "name": "105110", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105110" + }, + { + "name": "https://support.citrix.com/article/CTX236548", + "refsource": "CONFIRM", + "url": "https://support.citrix.com/article/CTX236548" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14465.json b/2018/14xxx/CVE-2018-14465.json index 5184010b901..a67a34e0891 100644 --- a/2018/14xxx/CVE-2018-14465.json +++ b/2018/14xxx/CVE-2018-14465.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14465", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14465", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14935.json b/2018/14xxx/CVE-2018-14935.json index 1eeaaeedc80..571391aef4c 100644 
--- a/2018/14xxx/CVE-2018-14935.json +++ b/2018/14xxx/CVE-2018-14935.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14935", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14935", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.polycom.com/content/dam/polycom-support/global/documentation/stored-cross-site-scripting-in-trio.pdf", - "refsource" : "CONFIRM", - "url" : "https://support.polycom.com/content/dam/polycom-support/global/documentation/stored-cross-site-scripting-in-trio.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.polycom.com/content/dam/polycom-support/global/documentation/stored-cross-site-scripting-in-trio.pdf", + "refsource": "CONFIRM", + "url": "https://support.polycom.com/content/dam/polycom-support/global/documentation/stored-cross-site-scripting-in-trio.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14946.json b/2018/14xxx/CVE-2018-14946.json index bbc2238aa64..663c85a8434 100644 --- a/2018/14xxx/CVE-2018-14946.json +++ b/2018/14xxx/CVE-2018-14946.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14946", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14946", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/flexpaper/pdf2json/issues/19", - "refsource" : "MISC", - "url" : "https://github.com/flexpaper/pdf2json/issues/19" - }, - { - "name" : "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-htmlstring", - "refsource" : "MISC", - "url" : "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-htmlstring" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue has been found in PDF2JSON 0.69. The HtmlString class in ImgOutputDev.cc has Mismatched Memory Management Routines (malloc versus operator delete)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flexpaper/pdf2json/issues/19", + "refsource": "MISC", + "url": "https://github.com/flexpaper/pdf2json/issues/19" + }, + { + "name": "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-htmlstring", + "refsource": "MISC", + "url": "https://github.com/fouzhe/security/tree/master/pdf2json#alloc_dealloc_mismatch-in-function-htmlstring" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20317.json b/2018/20xxx/CVE-2018-20317.json index 369b12c14dd..0d9805996d5 100644 --- a/2018/20xxx/CVE-2018-20317.json +++ b/2018/20xxx/CVE-2018-20317.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20317", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20317", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20700.json b/2018/20xxx/CVE-2018-20700.json index 5a84467db6d..7f39c59318b 100644 
--- a/2018/20xxx/CVE-2018-20700.json +++ b/2018/20xxx/CVE-2018-20700.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20700", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20700", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20739.json b/2018/20xxx/CVE-2018-20739.json index cad583f5e09..23089f17734 100644 --- a/2018/20xxx/CVE-2018-20739.json +++ b/2018/20xxx/CVE-2018-20739.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20739", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20739", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9019.json b/2018/9xxx/CVE-2018-9019.json index cf6061dddf5..756089b2cd8 100644 --- a/2018/9xxx/CVE-2018-9019.json +++ b/2018/9xxx/CVE-2018-9019.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9019", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9019", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog" - }, - { - "name" : "https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739", - "refsource" : "CONFIRM", - "url" : "https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL Injection vulnerability in 
Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739" + }, + { + "name": "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog", + "refsource": "CONFIRM", + "url": "https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9543.json b/2018/9xxx/CVE-2018-9543.json index 8cd599828c8..bbc0687261a 100644 --- a/2018/9xxx/CVE-2018-9543.json +++ b/2018/9xxx/CVE-2018-9543.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "ID" : "CVE-2018-9543", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "ID": "CVE-2018-9543", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://source.android.com/security/bulletin/2018-11-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-11-01" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-12-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-12-01" - }, - { - "name" : "105849", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105849" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-112868088." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "105849", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105849" + }, + { + "name": "https://source.android.com/security/bulletin/2018-12-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-12-01" + }, + { + "name": "https://source.android.com/security/bulletin/2018-11-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-11-01" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9695.json b/2018/9xxx/CVE-2018-9695.json index ccada59a9ee..b31a4281c25 100644 --- a/2018/9xxx/CVE-2018-9695.json +++ b/2018/9xxx/CVE-2018-9695.json 
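Review bot: The `ASSIGNER` value in CVE-2018-9543.json changes from `security@google.com` to `security@android.com`, and the commit message ("-Synchronized-Data.") does not mention it. It is the one content change in a hunk that otherwise only rewrites `"key" : value` spacing and reorders `reference_data`. `vendor_name` stays `Google Inc.`, so tooling that groups or filters records by assigner address will see this record move; the new address should be confirmed as the intended CNA contact and the change recorded in the commit description. The new side also ends with `\ No newline at end of file`, here and in the CVE-2018-9019 and CVE-2018-9695 hunks. Keeping the trailing newline would avoid a spurious last-line diff on the next sync.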
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9695", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9695", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file