From 5899fc11c7dff81d7c6cb42b6f81191839ce899d Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Sun, 17 Mar 2019 22:27:04 +0000
Subject: [PATCH] "-Synchronized-Data."
---
 2002/0xxx/CVE-2002-0862.json | 190 ++++++++++++++++-----------------
 2002/1xxx/CVE-2002-1120.json | 150 +++++++++++++-------------
 2002/1xxx/CVE-2002-1305.json | 34 +++---
 2002/1xxx/CVE-2002-1382.json | 160 +++++++++++++--------------
 2002/1xxx/CVE-2002-1512.json | 140 ++++++++++++------------
 2002/1xxx/CVE-2002-1544.json | 120 ++++++++++-----------
 2002/1xxx/CVE-2002-1852.json | 150 +++++++++++++-------------
 2003/0xxx/CVE-2003-0183.json | 34 +++---
 2003/0xxx/CVE-2003-0664.json | 130 +++++++++++-----------
 2003/0xxx/CVE-2003-0835.json | 160 +++++++++++++--------------
 2003/1xxx/CVE-2003-1102.json | 150 +++++++++++++-------------
 2003/1xxx/CVE-2003-1156.json | 140 ++++++++++++------------
 2003/1xxx/CVE-2003-1170.json | 150 +++++++++++++-------------
 2004/2xxx/CVE-2004-2025.json | 130 +++++++++++-----------
 2004/2xxx/CVE-2004-2416.json | 170 ++++++++++++++---------------
 2012/0xxx/CVE-2012-0002.json | 160 +++++++++++++--------------
 2012/0xxx/CVE-2012-0058.json | 170 ++++++++++++++---------------
 2012/0xxx/CVE-2012-0375.json | 34 +++---
 2012/1xxx/CVE-2012-1367.json | 120 ++++++++++-----------
 2012/1xxx/CVE-2012-1670.json | 180 +++++++++++++++----------------
 2012/1xxx/CVE-2012-1709.json | 140 ++++++++++++------------
 2012/1xxx/CVE-2012-1913.json | 34 +++---
 2012/4xxx/CVE-2012-4449.json | 130 +++++++++++-----------
 2012/4xxx/CVE-2012-4834.json | 170 ++++++++++++++---------------
 2012/5xxx/CVE-2012-5373.json | 180 +++++++++++++++----------------
 2012/5xxx/CVE-2012-5531.json | 130 +++++++++++-----------
 2012/5xxx/CVE-2012-5906.json | 170 ++++++++++++++---------------
 2017/3xxx/CVE-2017-3266.json | 146 ++++++++++++-------------
 2017/3xxx/CVE-2017-3490.json | 150 +++++++++++++-------------
 2017/3xxx/CVE-2017-3789.json | 34 +++---
 2017/6xxx/CVE-2017-6438.json | 130 +++++++++++-----------
 2017/6xxx/CVE-2017-6902.json | 34 +++---
 2017/7xxx/CVE-2017-7118.json | 140 ++++++++++++------------
 2017/7xxx/CVE-2017-7928.json | 130 +++++++++++-----------
 2018/10xxx/CVE-2018-10913.json | 190 ++++++++++++++++-----------------
 2018/13xxx/CVE-2018-13250.json | 120 ++++++++++-----------
 2018/13xxx/CVE-2018-13494.json | 130 +++++++++++-----------
 2018/17xxx/CVE-2018-17236.json | 120 ++++++++++-----------
 2018/17xxx/CVE-2018-17245.json | 130 +++++++++++-----------
 2018/17xxx/CVE-2018-17299.json | 34 +++---
 2018/17xxx/CVE-2018-17645.json | 130 +++++++++++-----------
 2018/20xxx/CVE-2018-20045.json | 34 +++---
 2018/20xxx/CVE-2018-20716.json | 120 ++++++++++-----------
 2018/9xxx/CVE-2018-9326.json | 120 ++++++++++-----------
 2018/9xxx/CVE-2018-9328.json | 120 ++++++++++-----------
 2018/9xxx/CVE-2018-9416.json | 34 +++---
 2018/9xxx/CVE-2018-9694.json | 34 +++---
 47 files changed, 2853 insertions(+), 2853 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0862.json b/2002/0xxx/CVE-2002-0862.json
index 3d168b2e0a2..564600b641c 100644
--- a/2002/0xxx/CVE-2002-0862.json
+++ b/2002/0xxx/CVE-2002-0862.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0862", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0862", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020805 IE SSL Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102866120821995&w=2" - }, - { - "name" : "20020812 IE SSL Exploit", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102918200405308&w=2" - }, - { - "name" : "20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102976967730450&w=2" - }, - { - "name" : "MS02-050", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050" - }, - { - "name" : "oval:org.mitre.oval:def:1056", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056" - }, - { - "name" : "oval:org.mitre.oval:def:1332", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332" - }, - { - "name" : "oval:org.mitre.oval:def:2671", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671" - }, - { - "name" : "ssl-ca-certificate-spoofing(9776)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9776" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The (1) 
CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, and (3) WinVerifyTrust APIs within the CryptoAPI for Microsoft products including Microsoft Windows 98 through XP, Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac, do not properly verify the Basic Constraints of intermediate CA-signed X.509 certificates, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack for SSL sessions, as originally reported for Internet Explorer and IIS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:1332", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1332" + }, + { + "name": "20020812 IE SSL Exploit", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102918200405308&w=2" + }, + { + "name": "oval:org.mitre.oval:def:1056", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1056" + }, + { + "name": "20020805 IE SSL Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102866120821995&w=2" + }, + { + "name": "ssl-ca-certificate-spoofing(9776)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9776" + }, + { + "name": "20020819 Insufficient Verification of Client Certificates in IIS 5.0 pre sp3", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102976967730450&w=2" + }, + { + "name": "oval:org.mitre.oval:def:2671", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2671" + }, + { + "name": "MS02-050", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050" + } + ] + } +} \ No newline 
at end of file
diff --git a/2002/1xxx/CVE-2002-1120.json b/2002/1xxx/CVE-2002-1120.json
index 604bd40c25b..fa28c474a7c 100644
--- a/2002/1xxx/CVE-2002-1120.json
+++ b/2002/1xxx/CVE-2002-1120.json
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1120", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1120", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "16770", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/16770/" - }, - { - "name" : "20020910 Foundstone Labs Advisory - Buffer Overflow in Savant Web Server", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0112.html" - }, - { - "name" : "savant-long-url-bo(10076)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10076.php" - }, - { - "name" : "5686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5686" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute 
arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "savant-long-url-bo(10076)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10076.php" + }, + { + "name": "5686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5686" + }, + { + "name": "16770", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/16770/" + }, + { + "name": "20020910 Foundstone Labs Advisory - Buffer Overflow in Savant Web Server", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0112.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1305.json b/2002/1xxx/CVE-2002-1305.json index f3de7bb9215..083e1014051 100644 --- a/2002/1xxx/CVE-2002-1305.json +++ b/2002/1xxx/CVE-2002-1305.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1305", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-1305", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2002/1xxx/CVE-2002-1382.json b/2002/1xxx/CVE-2002-1382.json
index 4c9b812e09b..2e8cbfd5611 100644
--- a/2002/1xxx/CVE-2002-1382.json
+++ b/2002/1xxx/CVE-2002-1382.json
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021217 Macromedia Shockwave Flash Malformed Header Overflow #2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104014220727109&w=2" - }, - { - "name" : "20021217 Macromedia Shockwave Flash Malformed Header Overflow #2", - "refsource" : "VULNWATCH", - "url" : "http://marc.info/?l=vulnwatch&m=104013370116670" - }, - { - "name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23569", - "refsource" : "CONFIRM", - "url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23569" - }, - { - "name" : "6383", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6383" - }, - { - "name" : "flash-swf-bo(10861)", - "refsource" : "XF", - "url" : 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/10861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "flash-swf-bo(10861)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10861" + }, + { + "name": "6383", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6383" + }, + { + "name": "20021217 Macromedia Shockwave Flash Malformed Header Overflow #2", + "refsource": "VULNWATCH", + "url": "http://marc.info/?l=vulnwatch&m=104013370116670" + }, + { + "name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23569", + "refsource": "CONFIRM", + "url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23569" + }, + { + "name": "20021217 Macromedia Shockwave Flash Malformed Header Overflow #2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104014220727109&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1512.json b/2002/1xxx/CVE-2002-1512.json index 96edc1d4bca..3c9857782b7 100644 --- a/2002/1xxx/CVE-2002-1512.json +++ b/2002/1xxx/CVE-2002-1512.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1512", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1512", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020912 Race condition in BRU Workstation 17.0", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0154.html" - }, - { - "name" : "5708", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5708" - }, - { - "name" : "bru-xbru-race-condition(10101)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10101.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5708", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5708" + }, + { + "name": "bru-xbru-race-condition(10101)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10101.php" + }, + { + "name": "20020912 Race condition in BRU Workstation 17.0", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0154.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1544.json b/2002/1xxx/CVE-2002-1544.json index 3933bef5a52..9cbde69d2ec 100644 --- a/2002/1xxx/CVE-2002-1544.json +++ b/2002/1xxx/CVE-2002-1544.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1544", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1544", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021010 more silly bugs in cooolsoft 'personal ftp server'", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021010 more silly bugs in cooolsoft 'personal ftp server'", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0142.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1852.json b/2002/1xxx/CVE-2002-1852.json index 80e39900b88..d50f969153e 100644 --- a/2002/1xxx/CVE-2002-1852.json +++ b/2002/1xxx/CVE-2002-1852.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1852", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1852", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020930 XSS bug in Monkey (0.5.0) HTTP server", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0344.html" - }, - { - "name" : "5829", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5829" - }, - { - "name" : "monkey-url-test2pl-xss(10226)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10226.php" - }, - { - "name" : "monkey-url-request-xss(10229)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10229.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Monkey 
0.5.0 allows remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) a parameter to test2.pl." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5829", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5829" + }, + { + "name": "monkey-url-request-xss(10229)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10229.php" + }, + { + "name": "20020930 XSS bug in Monkey (0.5.0) HTTP server", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0344.html" + }, + { + "name": "monkey-url-test2pl-xss(10226)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10226.php" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0183.json b/2003/0xxx/CVE-2003-0183.json index 02a86f6dd35..49b35ff855a 100644 --- a/2003/0xxx/CVE-2003-0183.json +++ b/2003/0xxx/CVE-2003-0183.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0183", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0183", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0664.json b/2003/0xxx/CVE-2003-0664.json index e50d4fa2f2e..a818c16c11a 100644 --- a/2003/0xxx/CVE-2003-0664.json +++ b/2003/0xxx/CVE-2003-0664.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0664", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0664", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-035" - }, - { - "name" : "oval:org.mitre.oval:def:188", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious 
document." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:188", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A188" + }, + { + "name": "MS03-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-035" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0835.json b/2003/0xxx/CVE-2003-0835.json index b263b6a3620..fa1ffa2dc2f 100644 --- a/2003/0xxx/CVE-2003-0835.json +++ b/2003/0xxx/CVE-2003-0835.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mplayerhq.hu/homepage/design6/news.html", - "refsource" : "CONFIRM", - "url" : "http://www.mplayerhq.hu/homepage/design6/news.html" - }, - { - "name" : "20030926 Mplayer Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106460912721618&w=2" - }, - { - "name" : "20030925 MPlayer Security Advisory #01: Remotely exploitable buffer overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106454257221455&w=2" - }, - { - "name" : "CLA-2003:760", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000760" - }, - { - "name" : "20030929 GLSA: media-video/mplayer (200309-15)", - "refsource" : "BUGTRAQ", - "url" : 
"http://marc.info/?l=bugtraq&m=106485005213109&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in asf_http_request of MPlayer before 0.92 allows remote attackers to execute arbitrary code via an ASX header with a long hostname." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030926 Mplayer Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106460912721618&w=2" + }, + { + "name": "http://www.mplayerhq.hu/homepage/design6/news.html", + "refsource": "CONFIRM", + "url": "http://www.mplayerhq.hu/homepage/design6/news.html" + }, + { + "name": "20030929 GLSA: media-video/mplayer (200309-15)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106485005213109&w=2" + }, + { + "name": "CLA-2003:760", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000760" + }, + { + "name": "20030925 MPlayer Security Advisory #01: Remotely exploitable buffer overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106454257221455&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1102.json b/2003/1xxx/CVE-2003-1102.json index 527736837dd..ab2ec5eaa2f 100644 --- a/2003/1xxx/CVE-2003-1102.json +++ b/2003/1xxx/CVE-2003-1102.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1102", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1102", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.procheckup.com/security_info/vuln_pr0302.html", - "refsource" : "MISC", - "url" : "http://www.procheckup.com/security_info/vuln_pr0302.html" - }, - { - "name" : "VU#989580", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/989580" - }, - { - "name" : "9985", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/9985" - }, - { - "name" : "Hummingbird-docsfusionserver-file-access(13397)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13397" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running 
on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.procheckup.com/security_info/vuln_pr0302.html", + "refsource": "MISC", + "url": "http://www.procheckup.com/security_info/vuln_pr0302.html" + }, + { + "name": "9985", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/9985" + }, + { + "name": "Hummingbird-docsfusionserver-file-access(13397)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13397" + }, + { + "name": "VU#989580", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/989580" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1156.json b/2003/1xxx/CVE-2003-1156.json index 3087eb3a492..758a4eda1b4 100644 --- a/2003/1xxx/CVE-2003-1156.json +++ b/2003/1xxx/CVE-2003-1156.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1156", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1156", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031031 Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/343038" - }, - { - "name" : "8937", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8937" - }, - { - "name" : "sun-jre-java-symlink(13570)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13570" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Java Runtime Environment (JRE) and Software Development Kit 
(SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031031 Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linuxinstallers", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/343038" + }, + { + "name": "8937", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8937" + }, + { + "name": "sun-jre-java-symlink(13570)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13570" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1170.json b/2003/1xxx/CVE-2003-1170.json index af49bfbaffc..4c31bd12dc2 100644 --- a/2003/1xxx/CVE-2003-1170.json +++ b/2003/1xxx/CVE-2003-1170.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031028 Local root vuln in kpopup", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/342736" - }, - { - "name" : "8918", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8918" - }, - { - "name" : "3290", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3290" - }, - { - "name" : "10105", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial 
of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8918", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8918" + }, + { + "name": "20031028 Local root vuln in kpopup", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342736" + }, + { + "name": "3290", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3290" + }, + { + "name": "10105", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10105" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2025.json b/2004/2xxx/CVE-2004-2025.json index 88be469eec9..818b5a9544f 100644 --- a/2004/2xxx/CVE-2004-2025.json +++ b/2004/2xxx/CVE-2004-2025.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2025", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2025", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.zen-cart.com/modules/ipb/index.php?showtopic=3731", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/modules/ipb/index.php?showtopic=3731" - }, - { - "name" : "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD", - "refsource" : "CONFIRM", - "url" : "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.zen-cart.com/modules/ipb/index.php?showtopic=3731", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/modules/ipb/index.php?showtopic=3731" + }, + { + "name": "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD", + "refsource": "CONFIRM", + "url": "http://www.zen-cart.com/modules/mydownloads/viewcat.php?cid=31&orderby=dateD" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2416.json b/2004/2xxx/CVE-2004-2416.json index 60a8a898579..ecab55a9f65 100644 --- a/2004/2xxx/CVE-2004-2416.json +++ b/2004/2xxx/CVE-2004-2416.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2416", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2416", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/exploits/6E0032KBPM.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/exploits/6E0032KBPM.html" - }, - { - "name" : "11666", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11666" - }, - { - "name" : "11593", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11593" - }, - { - "name" : "1012189", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012189" - }, - { - "name" : "13085", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13085" - }, - { - "name" : "proxy-server-ccproxy-bo(18012)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18012" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + 
"description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1012189", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012189" + }, + { + "name": "http://www.securiteam.com/exploits/6E0032KBPM.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/exploits/6E0032KBPM.html" + }, + { + "name": "proxy-server-ccproxy-bo(18012)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18012" + }, + { + "name": "13085", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13085" + }, + { + "name": "11666", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11666" + }, + { + "name": "11593", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11593" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0002.json b/2012/0xxx/CVE-2012-0002.json index 431e57adffe..84c66da1dc0 100644 --- a/2012/0xxx/CVE-2012-0002.json +++ b/2012/0xxx/CVE-2012-0002.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0002", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka \"Remote Desktop Protocol Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2012-0002", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://blogs.quickheal.com/remote-desktop-protocol-vulnerability-cve-2012-0002-not-dead-yet/", - "refsource" : "MISC", - "url" : "http://blogs.quickheal.com/remote-desktop-protocol-vulnerability-cve-2012-0002-not-dead-yet/" - }, - { - "name" : "MS12-020", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-020" - }, - { - "name" : "TA12-073A", - "refsource" : "CERT", - "url" : 
"http://www.us-cert.gov/cas/techalerts/TA12-073A.html" - }, - { - "name" : "oval:org.mitre.oval:def:14623", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14623" - }, - { - "name" : "1026790", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026790" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka \"Remote Desktop Protocol Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:14623", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14623" + }, + { + "name": "http://blogs.quickheal.com/remote-desktop-protocol-vulnerability-cve-2012-0002-not-dead-yet/", + "refsource": "MISC", + "url": "http://blogs.quickheal.com/remote-desktop-protocol-vulnerability-cve-2012-0002-not-dead-yet/" + }, + { + "name": "MS12-020", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-020" + }, + { + "name": "1026790", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026790" + }, + { + "name": "TA12-073A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/0xxx/CVE-2012-0058.json b/2012/0xxx/CVE-2012-0058.json index 241d56d8ceb..b33a3c296a0 100644 --- a/2012/0xxx/CVE-2012-0058.json +++ b/2012/0xxx/CVE-2012-0058.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0058", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0058", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120117 Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/01/18/7" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=782696", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=782696" - }, - { - "name" : "https://github.com/torvalds/linux/commit/802f43594d6e4d2ac61086d239153c17873a0428", - "refsource" : "CONFIRM", - "url" : 
"https://github.com/torvalds/linux/commit/802f43594d6e4d2ac61086d239153c17873a0428" - }, - { - "name" : "HPSBGN02970", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2" - }, - { - "name" : "1027085", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027085" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kiocb_batch_free function in fs/aio.c in the Linux kernel before 3.2.2 allows local users to cause a denial of service (OOPS) via vectors that trigger incorrect iocb management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/torvalds/linux/commit/802f43594d6e4d2ac61086d239153c17873a0428", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/802f43594d6e4d2ac61086d239153c17873a0428" + }, + { + "name": "1027085", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027085" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=782696", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=782696" + }, + { + "name": "[oss-security] 20120117 Re: CVE request: kernel: Unused iocbs in a batch should not be accounted as active", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/01/18/7" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.2" + }, + { + "name": "HPSBGN02970", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2" + } + ] + } +} \ No newline at end of file 
diff --git a/2012/0xxx/CVE-2012-0375.json b/2012/0xxx/CVE-2012-0375.json index dfbccc42d00..ecde4bdf507 100644 --- a/2012/0xxx/CVE-2012-0375.json +++ b/2012/0xxx/CVE-2012-0375.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0375", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0375", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1367.json b/2012/1xxx/CVE-2012-1367.json index 433d6a21d60..ce1197a032e 100644 --- a/2012/1xxx/CVE-2012-1367.json +++ b/2012/1xxx/CVE-2012-1367.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-1367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (Route Processor crash) via a BGP UPDATE message with a modified local-preference (aka LOCAL_PREF) attribute length, aka Bug ID CSCtq06538." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/en/US/docs/ios/12_2sr/release/notes/122SRcavs1.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1670.json b/2012/1xxx/CVE-2012-1670.json index 09b6f340944..1f23d0073ac 100644 --- a/2012/1xxx/CVE-2012-1670.json +++ b/2012/1xxx/CVE-2012-1670.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1670", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1670", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120322 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0115.html" - }, - { - "name" : "18647", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/18647/" - }, - { - "name" : "http://downloads.sourceforge.net/project/php-gradebook/phpGradeBook%20-%20BETA/1.9.5/phpGradeBook1.9.5.zip", - "refsource" : "CONFIRM", - "url" : "http://downloads.sourceforge.net/project/php-gradebook/phpGradeBook%20-%20BETA/1.9.5/phpGradeBook1.9.5.zip" - }, - { - "name" : "52686", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52686" - }, - { - "name" : "80311", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80311" - }, - { - "name" : "48524", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/48524" - }, - { - "name" : "phpgradebook-info-disclosure(74292)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74292" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "52686", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52686" + }, + { + "name": "20120322 'PHP Grade Book' Unauthenticated SQL Database Export (CVE-2012-1670)", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0115.html" + }, + { + "name": "http://downloads.sourceforge.net/project/php-gradebook/phpGradeBook%20-%20BETA/1.9.5/phpGradeBook1.9.5.zip", + "refsource": "CONFIRM", + "url": "http://downloads.sourceforge.net/project/php-gradebook/phpGradeBook%20-%20BETA/1.9.5/phpGradeBook1.9.5.zip" + }, + { + "name": "48524", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48524" + }, + { + "name": "18647", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/18647/" + }, + { + "name": "phpgradebook-info-disclosure(74292)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74292" + }, + { + "name": "80311", + "refsource": "OSVDB", + "url": "http://osvdb.org/80311" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1709.json b/2012/1xxx/CVE-2012-1709.json index d99a4a13f9f..3bd679e70bb 100644 --- a/2012/1xxx/CVE-2012-1709.json +++ b/2012/1xxx/CVE-2012-1709.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1709", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1710." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1709", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "1026949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026949" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified 
vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1710." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026949" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1913.json b/2012/1xxx/CVE-2012-1913.json index eeb46998088..2ffa7ebc922 100644 --- a/2012/1xxx/CVE-2012-1913.json +++ b/2012/1xxx/CVE-2012-1913.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1913", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-1913", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-0754. Reason: This candidate is a reservation duplicate of CVE-2010-0754. Notes: All CVE users should reference CVE-2010-0754 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4449.json b/2012/4xxx/CVE-2012-4449.json index c047918efd6..a069e24e88b 100644 --- a/2012/4xxx/CVE-2012-4449.json +++ b/2012/4xxx/CVE-2012-4449.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4449", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4449", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[hadoop-general] 20121012 [ANNOUNCE] Hadoop-1.0.4 release, with Security fix", - "refsource" : "MLIST", - "url" : "http://mail-archives.apache.org/mod_mbox/hadoop-general/201210.mbox/%3CCA+z3+9FYdPmzBEaMZ71SUqzRx=eU=o4mSHUsbrpzgR9X_F1c0Q@mail.gmail.com%3E" - }, - { - "name" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0", - "refsource" : "CONFIRM", - "url" : "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0", + "refsource": "CONFIRM", + "url": "https://www.cloudera.com/documentation/other/security-bulletins/topics/csb_topic_1.html#topic_1_0" + }, + { + "name": "[hadoop-general] 20121012 [ANNOUNCE] Hadoop-1.0.4 release, with Security fix", + "refsource": "MLIST", + "url": "http://mail-archives.apache.org/mod_mbox/hadoop-general/201210.mbox/%3CCA+z3+9FYdPmzBEaMZ71SUqzRx=eU=o4mSHUsbrpzgR9X_F1c0Q@mail.gmail.com%3E" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4834.json b/2012/4xxx/CVE-2012-4834.json index f30fad2d82d..6be49558d91 100644 --- a/2012/4xxx/CVE-2012-4834.json +++ b/2012/4xxx/CVE-2012-4834.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4834", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-4834", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21617713", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21617713" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg24033155", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg24033155" - }, - { - "name" : 
"PM76354", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354" - }, - { - "name" : "51281", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51281" - }, - { - "name" : "websphere-portal-layloader-dir-traversal(78914)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78914" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51281", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51281" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg24033155", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg24033155" + }, + { + "name": "websphere-portal-layloader-dir-traversal(78914)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78914" + }, + { + "name": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21617713", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21617713" + }, + { + "name": "PM76354", + "refsource": "AIXAPAR", + "url": 
"http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5373.json b/2012/5xxx/CVE-2012-5373.json index 4e69435a50e..89a685fe1cf 100644 --- a/2012/5xxx/CVE-2012-5373.json +++ b/2012/5xxx/CVE-2012-5373.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5373", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5373", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://2012.appsec-forum.ch/conferences/#c17", - "refsource" : "MISC", - "url" : "http://2012.appsec-forum.ch/conferences/#c17" - }, - { - "name" : "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", - "refsource" : "MISC", - "url" : "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" - }, - { - "name" : 
"http://www.ocert.org/advisories/ocert-2012-001.html", - "refsource" : "MISC", - "url" : "http://www.ocert.org/advisories/ocert-2012-001.html" - }, - { - "name" : "https://www.131002.net/data/talks/appsec12_slides.pdf", - "refsource" : "MISC", - "url" : "https://www.131002.net/data/talks/appsec12_slides.pdf" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=880705", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=880705" - }, - { - "name" : "56673", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56673" - }, - { - "name" : "java-murmur-hash-dos(80299)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80299" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash3 algorithm, a different vulnerability than CVE-2012-2739." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", + "refsource": "MISC", + "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" + }, + { + "name": "56673", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56673" + }, + { + "name": "https://www.131002.net/data/talks/appsec12_slides.pdf", + "refsource": "MISC", + "url": "https://www.131002.net/data/talks/appsec12_slides.pdf" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=880705", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880705" + }, + { + "name": "http://2012.appsec-forum.ch/conferences/#c17", + "refsource": "MISC", + "url": "http://2012.appsec-forum.ch/conferences/#c17" + }, + { + "name": "java-murmur-hash-dos(80299)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80299" + }, + { + "name": "http://www.ocert.org/advisories/ocert-2012-001.html", + "refsource": "MISC", + "url": "http://www.ocert.org/advisories/ocert-2012-001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5531.json b/2012/5xxx/CVE-2012-5531.json index 6fd659ec9b8..c84dde44aa7 100644 --- a/2012/5xxx/CVE-2012-5531.json +++ b/2012/5xxx/CVE-2012-5531.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5531", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5531", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2013:0141", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-0141.html" - }, - { - "name" : "51775", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51775" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "51775", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51775" + }, + { + "name": "RHSA-2013:0141", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-0141.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5906.json b/2012/5xxx/CVE-2012-5906.json index 3c75e2f5e4f..b1ea13fe78a 100644 --- a/2012/5xxx/CVE-2012-5906.json +++ b/2012/5xxx/CVE-2012-5906.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5906", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5906", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html", - "refsource" : "MISC", - "url" : "http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html" - }, - { - "name" : "http://packetstormsecurity.org/files/111252/GreenBrowser-6.1.x-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.org/files/111252/GreenBrowser-6.1.x-Cross-Site-Scripting.html" - }, - { - "name" : "52767", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52767" - }, - { - "name" : "80636", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80636" - }, - { - "name" : "48559", - "refsource" : 
"SECUNIA", - "url" : "http://secunia.com/advisories/48559" - }, - { - "name" : "greenbrowser-about-xss(74474)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74474" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser 6.1.0117 and 6.1.0216 allow remote attackers to inject arbitrary web script or HTML via (1) the URI in an about: page or (2) the last visited URL in the LastVisitWriteEn function in function.js." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://packetstormsecurity.org/files/111252/GreenBrowser-6.1.x-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.org/files/111252/GreenBrowser-6.1.x-Cross-Site-Scripting.html" + }, + { + "name": "48559", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48559" + }, + { + "name": "http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html", + "refsource": "MISC", + "url": "http://lostmon.blogspot.com/2012/03/greenbrowser-about-dialog-xss-and.html" + }, + { + "name": "52767", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52767" + }, + { + "name": "80636", + "refsource": "OSVDB", + "url": "http://osvdb.org/80636" + }, + { + "name": "greenbrowser-about-xss(74474)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74474" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3266.json b/2017/3xxx/CVE-2017-3266.json index 9d499c89320..07b060d68e8 100644 --- a/2017/3xxx/CVE-2017-3266.json +++ b/2017/3xxx/CVE-2017-3266.json 
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3266", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Outside In Technology", - "version" : { - "version_data" : [ - { - "version_value" : "8.5.2" - }, - { - "version_value" : "8.5.3" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3266", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Outside In Technology", + "version": { + "version_data": [ + { + "version_value": "8.5.2" + }, + { + "version_value": "8.5.3" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95507", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95507" - }, - { - "name" : "1037631", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037631" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in takeover of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. 
CVSS v3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037631", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037631" + }, + { + "name": "95507", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95507" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3490.json b/2017/3xxx/CVE-2017-3490.json index 7f78f4e875f..f5a472fc2ba 100644 --- a/2017/3xxx/CVE-2017-3490.json +++ b/2017/3xxx/CVE-2017-3490.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3490", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "FLEXCUBE Enterprise Limits and Collateral Management", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.0.0" - }, - { - "version_affected" : "=", - "version_value" : "12.1.0" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data." 
- } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3490", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "FLEXCUBE Enterprise Limits and Collateral Management", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.0.0" + }, + { + "version_affected": "=", + "version_value": "12.1.0" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "97869", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97869" - }, - { - "name" : "1038304", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038304" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97869", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97869" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + }, + { + "name": "1038304", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038304" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3789.json b/2017/3xxx/CVE-2017-3789.json index 482c041c24e..839a00f8a6f 100644 --- a/2017/3xxx/CVE-2017-3789.json +++ b/2017/3xxx/CVE-2017-3789.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2017-3789",
- "STATE" : "REJECT"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
- }
- ]
- }
-}
+ "data_type": "CVE",
+ "data_format": "MITRE",
+ "data_version": "4.0",
+ "CVE_data_meta": {
+ "ID": "CVE-2017-3789",
+ "ASSIGNER": "cve@mitre.org",
+ "STATE": "REJECT"
+ },
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2017/6xxx/CVE-2017-6438.json b/2017/6xxx/CVE-2017-6438.json
index 1b7b385006d..263d9e3ba59 100644
--- a/2017/6xxx/CVE-2017-6438.json
+++ b/2017/6xxx/CVE-2017-6438.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6438", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6438", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libimobiledevice/libplist/issues/98", - "refsource" : "MISC", - "url" : "https://github.com/libimobiledevice/libplist/issues/98" - }, - { - "name" : "97281", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97281" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the parse_unicode_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (out-of-bounds write) and possibly code execution via a crafted plist file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97281", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97281" + }, + { + "name": "https://github.com/libimobiledevice/libplist/issues/98", + "refsource": "MISC", + "url": "https://github.com/libimobiledevice/libplist/issues/98" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6902.json b/2017/6xxx/CVE-2017-6902.json index 6acb873cdf4..f44385587b6 100644 --- a/2017/6xxx/CVE-2017-6902.json +++ b/2017/6xxx/CVE-2017-6902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6902", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6902", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7118.json b/2017/7xxx/CVE-2017-7118.json index 25b2e58eb61..5ba05b91e9e 100644 --- a/2017/7xxx/CVE-2017-7118.json +++ b/2017/7xxx/CVE-2017-7118.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7118", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Messages\" component. It allows remote attackers to cause a denial of service (crash) via a crafted image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7118", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "100892", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100892" - }, - { - "name" : "1039385", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Messages\" component. 
It allows remote attackers to cause a denial of service (crash) via a crafted image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100892", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100892" + }, + { + "name": "1039385", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039385" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7928.json b/2017/7xxx/CVE-2017-7928.json index 49d3dbc39b5..3a38113e743 100644 --- a/2017/7xxx/CVE-2017-7928.json +++ b/2017/7xxx/CVE-2017-7928.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "ID" : "CVE-2017-7928", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Schweitzer Engineering Laboratories, Inc. SEL-3620 and SEL-3622", - "version" : { - "version_data" : [ - { - "version_value" : "Schweitzer Engineering Laboratories, Inc. SEL-3620 and SEL-3622" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-284" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2017-7928", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Schweitzer Engineering Laboratories, Inc. SEL-3620 and SEL-3622", + "version": { + "version_data": [ + { + "version_value": "Schweitzer Engineering Laboratories, Inc. 
SEL-3620 and SEL-3622" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06" - }, - { - "name" : "99536", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99536" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An Improper Access Control issue was discovered in Schweitzer Engineering Laboratories (SEL) SEL-3620 and SEL-3622 Security Gateway Versions R202 and, R203, R203-V1, R203-V2 and, R204, R204-V1. The device does not properly enforce access control while configured for NAT port forwarding, which may allow for unauthorized communications to downstream devices." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-284" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-06" + }, + { + "name": "99536", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99536" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10913.json b/2018/10xxx/CVE-2018-10913.json index 61108d3189b..5bf5afa6289 100644 --- a/2018/10xxx/CVE-2018-10913.json +++ b/2018/10xxx/CVE-2018-10913.json 
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10913", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glusterfs", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-209" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10913", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glusterfs", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913" - }, - { - "name" : "https://review.gluster.org/#/c/glusterfs/+/21071/", - "refsource" : "CONFIRM", - "url" : "https://review.gluster.org/#/c/glusterfs/+/21071/" - }, - { - "name" : "RHSA-2018:2607", - 
"refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2607" - }, - { - "name" : "RHSA-2018:2608", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2608" - }, - { - "name" : "RHSA-2018:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-209" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2607", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2607" + }, + { + "name": "https://review.gluster.org/#/c/glusterfs/+/21071/", + "refsource": "CONFIRM", + "url": "https://review.gluster.org/#/c/glusterfs/+/21071/" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913" + }, + { + "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" + }, + { + "name": "RHSA-2018:2608", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2608" + }, + { + "name": "RHSA-2018:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3470" + } + ] + } +} \ No newline at end of file 
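Review bot: The `vectorString` added under `impact.cvss` in this hunk, `3.5/CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N`, has the base score in front of the vector, so it is not a well-formed CVSS v3.0 vector, which starts with `CVSS:3.0/`. The sync carries the value over unchanged from the old side. A consumer that parses or validates the vector to derive severity may reject the record or treat it as unscored. I would store `"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"` and keep the score in its own field, e.g. `"baseScore": 3.5`. The doubly nested `cvss` array (`[[{…}]]`) is also worth confirming against what downstream parsers expect.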
diff --git a/2018/13xxx/CVE-2018-13250.json b/2018/13xxx/CVE-2018-13250.json
index 367a390b452..c8879e4367f 100644
--- a/2018/13xxx/CVE-2018-13250.json
+++ b/2018/13xxx/CVE-2018-13250.json
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/147", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/147" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libming 0.4.8 has a NULL pointer dereference in the getString function of the decompile.c file, related to decompileSTRINGCONCAT. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/147", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/147" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13494.json b/2018/13xxx/CVE-2018-13494.json index f711d80c92e..5f7343cd055 100644 --- a/2018/13xxx/CVE-2018-13494.json +++ b/2018/13xxx/CVE-2018-13494.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13494", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for SusanTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13494", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SusanTokenERC20", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SusanTokenERC20" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for SusanTokenERC20, an 
Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SusanTokenERC20", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SusanTokenERC20" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17236.json b/2018/17xxx/CVE-2018-17236.json index 1f5fdfed57b..dd14bff6ca4 100644 --- a/2018/17xxx/CVE-2018-17236.json +++ b/2018/17xxx/CVE-2018-17236.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17236", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17236", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1629453", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1629453" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The function MP4Free() in mp4property.cpp in libmp4v2 2.1.0 internally calls free() on a invalid pointer, raising a SIGABRT signal." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1629453", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629453" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17245.json b/2018/17xxx/CVE-2018-17245.json index 69f7d2f71ba..7e55f0360f1 100644 --- a/2018/17xxx/CVE-2018-17245.json +++ b/2018/17xxx/CVE-2018-17245.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "bressers@elastic.co", - "ID" : "CVE-2018-17245", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Kibana", - "version" : { - "version_data" : [ - { - "version_value" : "4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2" - } - ] - } - } - ] - }, - "vendor_name" : "Elastic" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-201: Information Exposure Through Sent Data" - } + "CVE_data_meta": { + "ASSIGNER": "security@elastic.co", + "ID": "CVE-2018-17245", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Kibana", + "version": { + "version_data": [ + { + "version_value": "4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2" + } + ] + } + } + ] + }, + "vendor_name": "Elastic" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594", - "refsource" : "MISC", - "url" : "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594" - }, - { - "name" : "https://www.elastic.co/community/security", - "refsource" : "CONFIRM", - "url" : "https://www.elastic.co/community/security" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + 
"description_data": [ + { + "lang": "eng", + "value": "Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plaintext credentials are included in the HTTP request that could be recovered by an external resource provider." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-201: Information Exposure Through Sent Data" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594", + "refsource": "MISC", + "url": "https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594" + }, + { + "name": "https://www.elastic.co/community/security", + "refsource": "CONFIRM", + "url": "https://www.elastic.co/community/security" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17299.json b/2018/17xxx/CVE-2018-17299.json index 05db9d6ec73..80b434b6d2d 100644 --- a/2018/17xxx/CVE-2018-17299.json +++ b/2018/17xxx/CVE-2018-17299.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-17299",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-17299",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/17xxx/CVE-2018-17645.json b/2018/17xxx/CVE-2018-17645.json
index f0262e3e287..b5dc14f7887 100644
--- a/2018/17xxx/CVE-2018-17645.json
+++ b/2018/17xxx/CVE-2018-17645.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-17645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.2.0.9297" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6482." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416: Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-17645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Reader", + "version": { + "version_data": [ + { + "version_value": "9.2.0.9297" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1152/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1152/" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the vAlign property of a TimeField. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6482." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416: Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + }, + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1152/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1152/" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20045.json b/2018/20xxx/CVE-2018-20045.json index 021d3f1fb35..a138276f23a 100644 --- a/2018/20xxx/CVE-2018-20045.json +++ b/2018/20xxx/CVE-2018-20045.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20045", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20045", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20716.json b/2018/20xxx/CVE-2018-20716.json index c907e42c6a6..ec76b1723ce 100644 --- a/2018/20xxx/CVE-2018-20716.json 
+++ b/2018/20xxx/CVE-2018-20716.json 
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-20716",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the \"I forgot my Password!\" feature."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-20716",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/",
- "refsource" : "MISC",
- "url" : "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the \"I forgot my Password!\" feature."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/",
+ "refsource": "MISC",
+ "url": "https://blog.ripstech.com/2018/cubecart-admin-authentication-bypass/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9326.json b/2018/9xxx/CVE-2018-9326.json
index 1b84fdba707..ace9a2390f4 100644
--- a/2018/9xxx/CVE-2018-9326.json
+++ b/2018/9xxx/CVE-2018-9326.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9326",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9326",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "http://blog.etherpad.org/2018/04/07/important-release-1-6-4/",
- "refsource" : "CONFIRM",
- "url" : "http://blog.etherpad.org/2018/04/07/important-release-1-6-4/"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary code."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "http://blog.etherpad.org/2018/04/07/important-release-1-6-4/",
+ "refsource": "CONFIRM",
+ "url": "http://blog.etherpad.org/2018/04/07/important-release-1-6-4/"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9328.json b/2018/9xxx/CVE-2018-9328.json
index ff84ee3f3dc..4fd4f502e7d 100644
--- a/2018/9xxx/CVE-2018-9328.json
+++ b/2018/9xxx/CVE-2018-9328.json
@@ -1,62 +1,62 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9328",
- "STATE" : "PUBLIC"
- },
- "affects" : {
- "vendor" : {
- "vendor_data" : [
- {
- "product" : {
- "product_data" : [
- {
- "product_name" : "n/a",
- "version" : {
- "version_data" : [
- {
- "version_value" : "n/a"
- }
- ]
- }
- }
- ]
- },
- "vendor_name" : "n/a"
- }
- ]
- }
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php."
- }
- ]
- },
- "problemtype" : {
- "problemtype_data" : [
- {
- "description" : [
- {
- "lang" : "eng",
- "value" : "n/a"
- }
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9328",
+ "STATE": "PUBLIC"
+ },
+ "affects": {
+ "vendor": {
+ "vendor_data": [
+ {
+ "product": {
+ "product_data": [
+ {
+ "product_name": "n/a",
+ "version": {
+ "version_data": [
+ {
+ "version_value": "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name": "n/a"
+ }
 ]
- }
- ]
- },
- "references" : {
- "reference_data" : [
- {
- "name" : "https://pastebin.com/SbjwbYVr",
- "refsource" : "MISC",
- "url" : "https://pastebin.com/SbjwbYVr"
- }
- ]
- }
-}
+ }
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php."
+ }
+ ]
+ },
+ "problemtype": {
+ "problemtype_data": [
+ {
+ "description": [
+ {
+ "lang": "eng",
+ "value": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references": {
+ "reference_data": [
+ {
+ "name": "https://pastebin.com/SbjwbYVr",
+ "refsource": "MISC",
+ "url": "https://pastebin.com/SbjwbYVr"
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9416.json b/2018/9xxx/CVE-2018-9416.json
index 03a6f5999a8..fdbfa9cd053 100644
--- a/2018/9xxx/CVE-2018-9416.json
+++ b/2018/9xxx/CVE-2018-9416.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9416",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9416",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9694.json b/2018/9xxx/CVE-2018-9694.json
index 311caf8feb4..c07a5c95d01 100644
--- a/2018/9xxx/CVE-2018-9694.json
+++ b/2018/9xxx/CVE-2018-9694.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9694",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9694",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file