From 6cf7a2d39de3c9275a3c1357d932f53227644ec9 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 23:56:23 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0153.json | 170 ++++++++-------- 2002/0xxx/CVE-2002-0408.json | 140 ++++++------- 2002/0xxx/CVE-2002-0975.json | 140 ++++++------- 2002/1xxx/CVE-2002-1073.json | 140 ++++++------- 2002/1xxx/CVE-2002-1192.json | 180 ++++++++--------- 2002/1xxx/CVE-2002-1430.json | 150 +++++++------- 2002/2xxx/CVE-2002-2096.json | 160 +++++++-------- 2002/2xxx/CVE-2002-2337.json | 140 ++++++------- 2003/0xxx/CVE-2003-0005.json | 34 ++-- 2003/0xxx/CVE-2003-0071.json | 200 +++++++++--------- 2003/0xxx/CVE-2003-0190.json | 200 +++++++++--------- 2003/0xxx/CVE-2003-0277.json | 140 ++++++------- 2003/0xxx/CVE-2003-0717.json | 190 ++++++++--------- 2003/0xxx/CVE-2003-0953.json | 34 ++-- 2009/5xxx/CVE-2009-5125.json | 150 +++++++------- 2012/0xxx/CVE-2012-0486.json | 180 ++++++++--------- 2012/0xxx/CVE-2012-0532.json | 160 +++++++-------- 2012/0xxx/CVE-2012-0558.json | 160 +++++++-------- 2012/0xxx/CVE-2012-0741.json | 140 ++++++------- 2012/1xxx/CVE-2012-1193.json | 150 +++++++------- 2012/1xxx/CVE-2012-1945.json | 190 ++++++++--------- 2012/3xxx/CVE-2012-3062.json | 120 +++++------ 2012/3xxx/CVE-2012-3587.json | 150 +++++++------- 2012/4xxx/CVE-2012-4095.json | 130 ++++++------ 2012/4xxx/CVE-2012-4215.json | 360 ++++++++++++++++----------------- 2012/4xxx/CVE-2012-4676.json | 140 ++++++------- 2012/4xxx/CVE-2012-4714.json | 130 ++++++------ 2017/2xxx/CVE-2017-2259.json | 34 ++-- 2017/2xxx/CVE-2017-2271.json | 120 +++++------ 2017/2xxx/CVE-2017-2300.json | 152 +++++++------- 2017/2xxx/CVE-2017-2634.json | 200 +++++++++--------- 2017/6xxx/CVE-2017-6486.json | 130 ++++++------ 2017/6xxx/CVE-2017-6677.json | 34 ++-- 2017/6xxx/CVE-2017-6838.json | 160 +++++++-------- 2017/7xxx/CVE-2017-7194.json | 34 ++-- 2018/10xxx/CVE-2018-10097.json | 120 +++++------ 2018/10xxx/CVE-2018-10860.json | 190 ++++++++--------- 2018/14xxx/CVE-2018-14034.json | 120 +++++------ 2018/14xxx/CVE-2018-14209.json | 34 ++-- 2018/14xxx/CVE-2018-14822.json | 132 ++++++------ 2018/14xxx/CVE-2018-14884.json | 140 ++++++------- 2018/15xxx/CVE-2018-15302.json | 34 ++-- 2018/15xxx/CVE-2018-15893.json | 120 +++++------ 2018/15xxx/CVE-2018-15902.json | 34 ++-- 2018/20xxx/CVE-2018-20478.json | 120 +++++------ 2018/20xxx/CVE-2018-20656.json | 34 ++-- 2018/20xxx/CVE-2018-20703.json | 120 +++++------ 2018/9xxx/CVE-2018-9092.json | 130 ++++++------ 2018/9xxx/CVE-2018-9115.json | 140 ++++++------- 2018/9xxx/CVE-2018-9422.json | 142 ++++++------- 50 files changed, 3326 insertions(+), 3326 deletions(-) diff --git a/2002/0xxx/CVE-2002-0153.json b/2002/0xxx/CVE-2002-0153.json index d69d94befbd..f1dc55e82d3 100644 --- a/2002/0xxx/CVE-2002-0153.json +++ b/2002/0xxx/CVE-2002-0153.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0153", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0153", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020122 Macinosh IE file execuion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/251805" - }, - { - "name" : "MS02-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" - }, - { - "name" : "3935", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/3935" - }, - { - "name" : "5356", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5356" - }, - { - "name" : "ie-macos-file-execution(7969)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969" - }, - { - "name" : "ie-mac-applescript-execution(8851)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8851.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the \"Local Applescript Invocation\" vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3935", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/3935" + }, + { + "name": "MS02-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019" + }, + { + "name": "20020122 Macinosh IE file execuion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/251805" + }, + { + "name": "ie-macos-file-execution(7969)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7969" + }, + { + "name": "ie-mac-applescript-execution(8851)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8851.php" + }, + { + "name": "5356", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5356" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0408.json b/2002/0xxx/CVE-2002-0408.json index 7e7cd404ab7..8d4f53311c5 100644 --- a/2002/0xxx/CVE-2002-0408.json +++ b/2002/0xxx/CVE-2002-0408.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0408", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0408", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101310812804716&w=2" - }, - { - "name" : "20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101785616526383&w=2" - }, - { - "name" : "4049", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4049" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configured with the NoBanner setting, allows remote attackers to determine the version number of the server via a request that generates an HTTP 500 error code, which leaks the version in a hard-coded error message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4049", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4049" + }, + { + "name": "20020303 Re: KPMG-2002006: Lotus Domino Physical Path Revealed", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101785616526383&w=2" + }, + { + "name": "20020207 Re: KPMG-2002004: Lotus Domino Webserver DOS-device Denial of Service", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101310812804716&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0975.json b/2002/0xxx/CVE-2002-0975.json index d9d4395235c..90294589750 100644 --- a/2002/0xxx/CVE-2002-0975.json +++ b/2002/0xxx/CVE-2002-0975.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0975", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0975", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020816 Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102953851705859&w=2" - }, - { - "name" : "5489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5489" - }, - { - "name" : "ms-directx-files-viewer-bo(9877)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9877.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020816 Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102953851705859&w=2" + }, + { + "name": "ms-directx-files-viewer-bo(9877)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9877.php" + }, + { + "name": "5489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5489" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1073.json b/2002/1xxx/CVE-2002-1073.json index 8ca00343205..f895474e390 100644 --- a/2002/1xxx/CVE-2002-1073.json +++ b/2002/1xxx/CVE-2002-1073.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1073", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1073", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020717 MERCUR Mailserver advisory/remote exploit", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html" - }, - { - "name" : "mercur-control-service-bo(9618)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9618.php" - }, - { - "name" : "5261", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5261", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5261" + }, + { + "name": "20020717 MERCUR Mailserver advisory/remote exploit", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html" + }, + { + "name": "mercur-control-service-bo(9618)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9618.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1192.json b/2002/1xxx/CVE-2002-1192.json index c783982196d..d1af15fcebf 100644 --- a/2002/1xxx/CVE-2002-1192.json +++ b/2002/1xxx/CVE-2002-1192.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1192", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain \"games\" group privileges via malformed entries in a game save file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1192", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020928 local exploitable overflow in rogue/FreeBSD", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103342413220529&w=2" - }, - { - "name" : "NetBSD-SA2002-021", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-021.txt.asc" - }, - { - "name" : "6098", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6098" - }, - { - "name" : "7181", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7181" - }, - { - "name" : "7252", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7252" - }, - { - "name" : "5837", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5837" - }, - { - "name" : "bsd-rogue-bo(10261)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10261" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD 4.6, and possibly other operating systems, allows local users to gain \"games\" group privileges via malformed entries in a game save file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5837", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5837" + }, + { + "name": "7181", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7181" + }, + { + "name": "NetBSD-SA2002-021", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-021.txt.asc" + }, + { + "name": "20020928 local exploitable overflow in rogue/FreeBSD", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103342413220529&w=2" + }, + { + "name": "bsd-rogue-bo(10261)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10261" + }, + { + "name": "7252", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7252" + }, + { + "name": "6098", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6098" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1430.json b/2002/1xxx/CVE-2002-1430.json index 7842f13898e..614823ed8e4 100644 --- a/2002/1xxx/CVE-2002-1430.json +++ b/2002/1xxx/CVE-2002-1430.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html" - }, - { - "name" : "http://www.ralusp.net/downloads/sympoll/changelog.txt", - "refsource" : "CONFIRM", - "url" : "http://www.ralusp.net/downloads/sympoll/changelog.txt" - }, - { - "name" : "5360", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5360" - }, - { - "name" : "sympoll-php-view-files(9723)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9723.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "sympoll-php-view-files(9723)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9723.php" + }, + { + "name": "http://www.ralusp.net/downloads/sympoll/changelog.txt", + "refsource": "CONFIRM", + "url": "http://www.ralusp.net/downloads/sympoll/changelog.txt" + }, + { + "name": "20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html" + }, + { + "name": "5360", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5360" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2096.json b/2002/2xxx/CVE-2002-2096.json index 2a92b3ff30e..4bd636bd510 100644 --- a/2002/2xxx/CVE-2002-2096.json +++ b/2002/2xxx/CVE-2002-2096.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020402 iXsecurity.20020313.nw6remotemanager.a", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0001.html" - }, - { - "name" : "20020406 NetWare Remote Manager patches", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0088.html" - }, - { - "name" : "http://support.novell.com/servlet/tidfinder/2962026", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/servlet/tidfinder/2962026" - }, - { - "name" : "4405", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4405" - }, - { - "name" : "netware-remote-manager-bo(8736)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8736.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary code via a long (1) username or (2) password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "4405", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4405" + }, + { + "name": "20020406 NetWare Remote Manager patches", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0088.html" + }, + { + "name": "netware-remote-manager-bo(8736)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8736.php" + }, + { + "name": "20020402 iXsecurity.20020313.nw6remotemanager.a", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0001.html" + }, + { + "name": "http://support.novell.com/servlet/tidfinder/2962026", + "refsource": "CONFIRM", + "url": "http://support.novell.com/servlet/tidfinder/2962026" + } + ] + } +} \ No newline at end of file diff --git a/2002/2xxx/CVE-2002-2337.json b/2002/2xxx/CVE-2002-2337.json index 0c9207ad5c4..26d1a041b35 100644 --- a/2002/2xxx/CVE-2002-2337.json +++ b/2002/2xxx/CVE-2002-2337.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-2337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-2337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/294411" - }, - { - "name" : "20030319 Easy DoS on Kaspersky Anti-Hacker v1.0", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/315631" - }, - { - "name" : "5917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Kaspersky Anti-Hacker 1.0, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030319 Easy DoS on Kaspersky Anti-Hacker v1.0", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/315631" + }, + { + "name": "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/294411" + }, + { + "name": "5917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5917" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0005.json b/2003/0xxx/CVE-2003-0005.json index 9b9fccd7c56..f64d2c4e477 100644 --- a/2003/0xxx/CVE-2003-0005.json +++ b/2003/0xxx/CVE-2003-0005.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0005", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0005", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0071.json b/2003/0xxx/CVE-2003-0071.json index 04baff9f912..841bd210a60 100644 --- a/2003/0xxx/CVE-2003-0071.json +++ b/2003/0xxx/CVE-2003-0071.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0071", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0071", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" - }, - { - "name" : "20030224 Terminal Emulator Security Issues", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104612710031920&w=2" - }, - { - "name" : "DSA-380", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-380" - }, - { - "name" : "RHSA-2003:064", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-064.html" - }, - { - "name" : "RHSA-2003:065", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-065.html" - }, - { - "name" : "RHSA-2003:066", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-066.html" - }, - { - "name" : "RHSA-2003:067", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-067.html" - }, - { - "name" : "6950", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6950" - }, - { - "name" : "terminal-emulator-dec-udk(11415)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11415.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-380", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-380" + }, + { + "name": "RHSA-2003:067", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-067.html" + }, + { + "name": "RHSA-2003:066", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-066.html" + }, + { + "name": "terminal-emulator-dec-udk(11415)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11415.php" + }, + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104612710031920&w=2" + }, + { + "name": "RHSA-2003:064", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-064.html" + }, + { + "name": "6950", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6950" + }, + { + "name": "RHSA-2003:065", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-065.html" + }, + { + "name": "20030224 Terminal Emulator Security Issues", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0190.json b/2003/0xxx/CVE-2003-0190.json index 35827c7ca01..f7c9be6d4c5 100644 --- a/2003/0xxx/CVE-2003-0190.json +++ b/2003/0xxx/CVE-2003-0190.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0190", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0190", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030430 OpenSSH/PAM timing attack allows remote users identification", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105172058404810&w=2" - }, - { - "name" : "20030430 OpenSSH/PAM timing attack allows remote users identification", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html" - }, - { - "name" : "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", - "refsource" : "MISC", - "url" : "http://lab.mediaservice.net/advisory/2003-01-openssh.txt" - }, - { - "name" : "RHSA-2003:222", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-222.html" - }, - { - "name" : "RHSA-2003:224", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-224.html" - }, - { - "name" : "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106018677302607&w=2" - }, - { - "name" : "TLSA-2003-31", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/TLSA-2003-31.txt" - }, - { - "name" : "7467", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7467" - }, - { - "name" : "oval:org.mitre.oval:def:445", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:222", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-222.html" + }, + { + "name": "20030430 OpenSSH/PAM timing attack allows remote users identification", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105172058404810&w=2" + }, + { + "name": "7467", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7467" + }, + { + "name": "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106018677302607&w=2" + }, + { + "name": "RHSA-2003:224", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-224.html" + }, + { + "name": "oval:org.mitre.oval:def:445", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445" + }, + { + "name": "http://lab.mediaservice.net/advisory/2003-01-openssh.txt", + "refsource": "MISC", + "url": "http://lab.mediaservice.net/advisory/2003-01-openssh.txt" + }, + { + "name": "TLSA-2003-31", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/TLSA-2003-31.txt" + }, + { + "name": "20030430 OpenSSH/PAM timing attack allows remote users identification", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0277.json b/2003/0xxx/CVE-2003-0277.json index 725982c46ab..7c15b1a2426 100644 --- a/2003/0xxx/CVE-2003-0277.json +++ b/2003/0xxx/CVE-2003-0277.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0277", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0277", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030512 One more flaw in Happymall", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105276130814262&w=2" - }, - { - "name" : "7559", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7559" - }, - { - "name" : "happymall-dotdot-directory-traversal(11987)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "happymall-dotdot-directory-traversal(11987)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11987" + }, + { + "name": "7559", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7559" + }, + { + "name": "20030512 One more flaw in Happymall", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105276130814262&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0717.json b/2003/0xxx/CVE-2003-0717.json index 8b366830127..fa074323f0c 100644 --- a/2003/0xxx/CVE-2003-0717.json +++ b/2003/0xxx/CVE-2003-0717.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0717", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0717", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS03-043", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-043" - }, - { - "name" : "CA-2003-27", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-27.html" - }, - { - "name" : "20031016 MS03-043 Popup Messenger Servce buffer-overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=106632188709562&w=2" - }, - { - "name" : "20031018 Proof of concept for Windows Messenger Service overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106666713812158&w=2" - }, - { - "name" : "VU#575892", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/575892" - }, - { - "name" : "8826", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8826" - }, - { - "name" : "oval:org.mitre.oval:def:213", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A213" - }, - { - "name" : "oval:org.mitre.oval:def:268", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20031018 Proof of concept for Windows Messenger Service overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106666713812158&w=2" + }, + { + "name": "oval:org.mitre.oval:def:213", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A213" + }, + { + "name": "20031016 MS03-043 Popup Messenger Servce buffer-overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=106632188709562&w=2" + }, + { + "name": "CA-2003-27", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-27.html" + }, + { + "name": "VU#575892", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/575892" + }, + { + "name": "8826", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8826" + }, + { + "name": "oval:org.mitre.oval:def:268", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A268" + }, + { + "name": "MS03-043", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-043" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0953.json b/2003/0xxx/CVE-2003-0953.json index 09c9e8178d6..2a1cb785d96 100644 --- a/2003/0xxx/CVE-2003-0953.json +++ b/2003/0xxx/CVE-2003-0953.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0953", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2003-0953", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2009/5xxx/CVE-2009-5125.json b/2009/5xxx/CVE-2009-5125.json index 0d5615cc66b..5deefdea373 100644 --- a/2009/5xxx/CVE-2009-5125.json +++ b/2009/5xxx/CVE-2009-5125.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2009-5125", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Comodo Internet Security before 3.9.95478.509 allows remote attackers to bypass malware detection in an RAR archive via an unspecified manipulation of the archive file format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2009-5125", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20090427 [TZO-14-2009] Comodo Antivirus RAR evasion", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/503018" - }, - { - "name" : "http://blog.zoller.lu/2009/04/comodo-antivirus-evasionbypass.html", - "refsource" : "MISC", - "url" : "http://blog.zoller.lu/2009/04/comodo-antivirus-evasionbypass.html" - }, - { - "name" : "http://personalfirewall.comodo.com/release_notes.html", - "refsource" : "CONFIRM", - "url" : "http://personalfirewall.comodo.com/release_notes.html" - }, - { - "name" : "34737", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/34737" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Comodo Internet Security before 3.9.95478.509 allows remote attackers to bypass malware detection in an RAR archive via an unspecified manipulation of the archive file format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "34737", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/34737" + }, + { + "name": "http://personalfirewall.comodo.com/release_notes.html", + "refsource": "CONFIRM", + "url": "http://personalfirewall.comodo.com/release_notes.html" + }, + { + "name": "http://blog.zoller.lu/2009/04/comodo-antivirus-evasionbypass.html", + "refsource": "MISC", + "url": "http://blog.zoller.lu/2009/04/comodo-antivirus-evasionbypass.html" + }, + { + "name": "20090427 [TZO-14-2009] Comodo Antivirus RAR evasion", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/503018" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0486.json b/2012/0xxx/CVE-2012-0486.json index 718c2812af8..9ef8ebc636e 100644 --- a/2012/0xxx/CVE-2012-0486.json +++ b/2012/0xxx/CVE-2012-0486.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "USN-1397-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1397-1" - }, - { - "name" : "51514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51514" - }, - { - "name" : "78384", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78384" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - }, - { - "name" : "mysql-serveruns5-dos(72527)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "mysql-serveruns5-dos(72527)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72527" + }, + { + "name": "USN-1397-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1397-1" + }, + { + "name": "51514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51514" + }, + { + "name": "78384", + "refsource": "OSVDB", + "url": "http://osvdb.org/78384" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0532.json b/2012/0xxx/CVE-2012-0532.json index 893fc93a477..776a1dddd9f 100644 --- a/2012/0xxx/CVE-2012-0532.json +++ b/2012/0xxx/CVE-2012-0532.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0532", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0532", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53060", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53060" - }, - { - "name" : "1026949", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026949" - }, - { - "name" : "48861", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48861" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53060", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53060" + }, + { + "name": "1026949", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026949" + }, + { + "name": "48861", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48861" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0558.json b/2012/0xxx/CVE-2012-0558.json index 1ad7c08fdbd..46da5b7f4b9 100644 --- a/2012/0xxx/CVE-2012-0558.json +++ b/2012/0xxx/CVE-2012-0558.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0558", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.2.1, 8.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web application." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-0558", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "53056", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53056" - }, - { - "name" : "1026943", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026943" - }, - { - "name" : "48888", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.2.1, 8.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web application." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026943", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026943" + }, + { + "name": "53056", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53056" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" + }, + { + "name": "48888", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48888" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0741.json b/2012/0xxx/CVE-2012-0741.json index fdcea38ddaa..dd818839946 100644 --- a/2012/0xxx/CVE-2012-0741.json +++ b/2012/0xxx/CVE-2012-0741.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0741", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0741", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620759", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620759" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620760", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620760" - }, - { - "name" : "appscan-mep-spoofing(74142)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74142" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy Tester before 8.5.0.3 do not validate X.509 certificates during use of the Manual Explore Proxy feature, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620759", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620759" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620760", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620760" + }, + { + "name": "appscan-mep-spoofing(74142)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74142" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1193.json b/2012/1xxx/CVE-2012-1193.json index 9ba0359de71..e18a8e8b832 100644 --- a/2012/1xxx/CVE-2012-1193.json +++ b/2012/1xxx/CVE-2012-1193.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1193", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1193", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.isc.org/files/imce/ghostdomain_camera.pdf", - "refsource" : "MISC", - "url" : "https://www.isc.org/files/imce/ghostdomain_camera.pdf" - }, - { - "name" : "FEDORA-2013-5692", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102729.html" - }, - { - "name" : "FEDORA-2013-6279", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104177.html" - }, - { - "name" : "FEDORA-2013-6316", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104173.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.isc.org/files/imce/ghostdomain_camera.pdf", + "refsource": "MISC", + "url": "https://www.isc.org/files/imce/ghostdomain_camera.pdf" + }, + { + "name": "FEDORA-2013-6279", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104177.html" + }, + { + "name": "FEDORA-2013-5692", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102729.html" + }, + { + "name": "FEDORA-2013-6316", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104173.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1945.json b/2012/1xxx/CVE-2012-1945.json index f22957880bd..e8ff8434815 100644 --- a/2012/1xxx/CVE-2012-1945.json +++ b/2012/1xxx/CVE-2012-1945.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1945", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1945", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-37.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-37.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=670514", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=670514" - }, - { - "name" : "MDVSA-2012:088", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088" - }, - { - "name" : "RHSA-2012:0710", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0710.html" - }, - { - "name" : "RHSA-2012:0715", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-0715.html" - }, - { - "name" : "SUSE-SU-2012:0746", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" - }, - { - "name" : "openSUSE-SU-2012:0760", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html" - }, - { - "name" : "oval:org.mitre.oval:def:16743", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-37.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-37.html" + }, + { + "name": "oval:org.mitre.oval:def:16743", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16743" + }, + { + "name": "MDVSA-2012:088", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088" + }, + { + "name": "RHSA-2012:0710", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0710.html" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=670514", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=670514" + }, + { + "name": "SUSE-SU-2012:0746", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html" + }, + { + "name": "openSUSE-SU-2012:0760", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html" + }, + { + "name": "RHSA-2012:0715", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-0715.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3062.json b/2012/3xxx/CVE-2012-3062.json index fcaff08b5c1..753b5fc7ffd 100644 --- a/2012/3xxx/CVE-2012-3062.json +++ b/2012/3xxx/CVE-2012-3062.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-3062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf", + "refsource": "CONFIRM", + "url": "http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-1SY/release_notes.pdf" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3587.json b/2012/3xxx/CVE-2012-3587.json index c88dba49159..0ac47506adf 100644 --- a/2012/3xxx/CVE-2012-3587.json +++ b/2012/3xxx/CVE-2012-3587.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3587", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-3587", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120612 Strange gpg key shadowing", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Jun/267" - }, - { - "name" : "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128", - "refsource" : "CONFIRM", - "url" : "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" - }, - { - "name" : "USN-1475-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1475-1" - }, - { - "name" : "USN-1477-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1477-1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20120612 Strange gpg key shadowing", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Jun/267" + }, + { + "name": "USN-1477-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1477-1" + }, + { + "name": "USN-1475-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1475-1" + }, + { + "name": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128", + "refsource": "CONFIRM", + "url": "https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1013128" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4095.json b/2012/4xxx/CVE-2012-4095.json index 1470fb7860f..792b8bda269 100644 --- a/2012/4xxx/CVE-2012-4095.json +++ b/2012/4xxx/CVE-2012-4095.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4095", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4095", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130930 Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4095" - }, - { - "name" : "55135", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/55135" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The local file editor in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges, and read or modify arbitrary files, via unspecified key bindings, aka Bug ID CSCtn04521." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20130930 Cisco Unified Computing System Fabric Interconnect Arbitrary File Access Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4095" + }, + { + "name": "55135", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/55135" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4215.json b/2012/4xxx/CVE-2012-4215.json index e604f328d4d..6dd9826c762 100644 --- a/2012/4xxx/CVE-2012-4215.json +++ b/2012/4xxx/CVE-2012-4215.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4215", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4215", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798677", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=798677" - }, - { - "name" : "MDVSA-2012:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" - }, - { - "name" : "RHSA-2012:1482", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" - }, - { - "name" : "RHSA-2012:1483", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" - }, - { - "name" : "openSUSE-SU-2012:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" - }, - { - "name" : "openSUSE-SU-2012:1585", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" - }, - { - "name" : "openSUSE-SU-2012:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" - }, - { - "name" : "SUSE-SU-2012:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:0175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" - }, - { - "name" : "USN-1638-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-1" - }, - { - "name" : "USN-1638-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-3" - }, - { - "name" : "USN-1638-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-2" - }, - { - "name" : "USN-1636-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1636-1" - }, - { - "name" : "56633", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56633" - }, - { - "name" : "oval:org.mitre.oval:def:16690", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16690" - }, - { - "name" : "51359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51359" - }, - { - "name" : "51360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51360" - }, - { - "name" : "51369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51369" - }, - { - "name" : "51381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51381" - }, - { - "name" : "51434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51434" - }, - { - "name" : "51439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51439" - }, - { - "name" : "51440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51440" - }, - { - "name" : "51370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51370" - }, - { - "name" : "firefox-fireclipboard-code-exec(80188)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80188" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in the nsPlaintextEditor::FireClipboardEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1638-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-3" + }, + { + "name": "oval:org.mitre.oval:def:16690", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16690" + }, + { + "name": "51370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51370" + }, + { + "name": "USN-1638-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-2" + }, + { + "name": "openSUSE-SU-2012:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" + }, + { + "name": "USN-1636-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1636-1" + }, + { + "name": "openSUSE-SU-2013:0175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" + }, + { + "name": "RHSA-2012:1483", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" + }, + { + "name": "RHSA-2012:1482", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" + }, + { + "name": "51434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51434" + }, + { + "name": "openSUSE-SU-2012:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" + }, + { + "name": "51439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51439" + }, + { + "name": "51440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51440" + }, + { + "name": "USN-1638-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-1" + }, + { + "name": "SUSE-SU-2012:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" + }, + { + "name": "51359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51359" + }, + { + "name": "MDVSA-2012:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" + }, + { + "name": "openSUSE-SU-2012:1585", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" + }, + { + "name": "56633", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56633" + }, + { + "name": "51381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51381" + }, + { + "name": "51369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51369" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" + }, + { + "name": "51360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51360" + }, + { + "name": "firefox-fireclipboard-code-exec(80188)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80188" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=798677", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=798677" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4676.json b/2012/4xxx/CVE-2012-4676.json index 3fe8cb3e32f..b7d5d0ceef7 100644 --- a/2012/4xxx/CVE-2012-4676.json +++ b/2012/4xxx/CVE-2012-4676.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4676", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4676", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html" - }, - { - "name" : "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/08/14/1" - }, - { - "name" : "http://code.google.com/p/tunnelblick/issues/detail?id=212", - "refsource" : "CONFIRM", - "url" : "http://code.google.com/p/tunnelblick/issues/detail?id=212" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability than CVE-2012-3485." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/08/14/1" + }, + { + "name": "http://code.google.com/p/tunnelblick/issues/detail?id=212", + "refsource": "CONFIRM", + "url": "http://code.google.com/p/tunnelblick/issues/detail?id=212" + }, + { + "name": "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4714.json b/2012/4xxx/CVE-2012-4714.json index 20eb2fc5f55..a3323c8fe99 100644 --- a/2012/4xxx/CVE-2012-4714.json +++ b/2012/4xxx/CVE-2012-4714.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4714", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "ID": "CVE-2012-4714", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf", - "refsource" : "MISC", - "url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf" - }, - { - "name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599", - "refsource" : "CONFIRM", - "url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf", + "refsource": "MISC", + "url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf" + }, + { + "name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599", + "refsource": "CONFIRM", + "url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2259.json b/2017/2xxx/CVE-2017-2259.json index fdbd7d399b0..ef4334b682c 100644 --- a/2017/2xxx/CVE-2017-2259.json +++ b/2017/2xxx/CVE-2017-2259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2259", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-2259", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2271.json b/2017/2xxx/CVE-2017-2271.json index b0ed123340d..4237af75fa7 100644 --- a/2017/2xxx/CVE-2017-2271.json +++ b/2017/2xxx/CVE-2017-2271.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2271", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Self-extracting encrypted files created by AttacheCase", - "version" : { - "version_data" : [ - { - "version_value" : "ver.2.8.3.0 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "HiBARA Software" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Untrusted search path vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2271", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Self-extracting encrypted files created by AttacheCase", + "version": { + "version_data": [ + { + "version_value": "ver.2.8.3.0 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "HiBARA Software" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "JVN#61502349", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN61502349/index.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.2.8.3.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Untrusted search path vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#61502349", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN61502349/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2300.json b/2017/2xxx/CVE-2017-2300.json index c760f11825b..a1f99e19e34 100644 --- a/2017/2xxx/CVE-2017-2300.json +++ b/2017/2xxx/CVE-2017-2300.json @@ -1,78 +1,78 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "sirt@juniper.net", - "ID" : "CVE-2017-2300", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Junos OS on SRX Series Services Gateways chassis cluster", - "version" : { - "version_data" : [ - { - "version_value" : "12.1X46 prior to 12.1X46-D65" - }, - { - "version_value" : "12.3X48 prior to 12.3X48-D40" - }, - { - "version_value" : "12.3X48 prior to 12.3X48-D60" - } - ] - } - } - ] - }, - "vendor_name" : "Juniper Networks" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "flowd daemon crash denial of service vulnerability " - } + "CVE_data_meta": { + "ASSIGNER": "sirt@juniper.net", + "ID": "CVE-2017-2300", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Junos OS on SRX Series Services Gateways chassis cluster", + "version": { + "version_data": [ + { + "version_value": "12.1X46 prior to 12.1X46-D65" + }, + { + "version_value": "12.3X48 prior to 12.3X48-D40" + }, + { + "version_value": "12.3X48 prior to 12.3X48-D60" + } + ] + } + } + ] + }, + "vendor_name": "Juniper Networks" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://kb.juniper.net/JSA10768", - "refsource" : "CONFIRM", - "url" : "https://kb.juniper.net/JSA10768" - }, - { - "name" : "95400", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95400" - }, - { - "name" : "1037597", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037597" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and restart when attempting to synchronize a multicast session created via crafted multicast packets." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "flowd daemon crash denial of service vulnerability " + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://kb.juniper.net/JSA10768", + "refsource": "CONFIRM", + "url": "https://kb.juniper.net/JSA10768" + }, + { + "name": "95400", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95400" + }, + { + "name": "1037597", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037597" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2634.json b/2017/2xxx/CVE-2017-2634.json index cd677693ef7..ca34ca2d630 100644 --- a/2017/2xxx/CVE-2017-2634.json +++ b/2017/2xxx/CVE-2017-2634.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "kernel:", - "version" : { - "version_data" : [ - { - "version_value" : "2.6.22.17" - } - ] - } - } - ] - }, - "vendor_name" : "Linux" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-476" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "kernel:", + "version": { + "version_data": [ + { + "version_value": "2.6.22.17" + } + ] + } + } + ] + }, + "vendor_name": "Linux" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634" - }, - { - "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51", - "refsource" : "CONFIRM", - "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51" - }, - { - "name" : "RHSA-2017:0323", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0323.html" - }, - { - "name" : "RHSA-2017:0346", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0346.html" - }, - { - "name" : "RHSA-2017:0347", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2017-0347.html" - }, - { - "name" : "96529", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96529" - }, - { - "name" : "1037909", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037909" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation before 2.6.22.17 used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-476" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:0323", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0323.html" + }, + { + "name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51", + "refsource": "CONFIRM", + "url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f53dc67c5e7babafe239b93a11678b0e05bead51" + }, + { + "name": "RHSA-2017:0347", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0347.html" + }, + { + "name": "1037909", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037909" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2634" + }, + { + "name": "RHSA-2017:0346", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2017-0346.html" + }, + { + "name": "96529", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96529" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6486.json b/2017/6xxx/CVE-2017-6486.json index c58e76500a3..5bdffd6d863 100644 --- a/2017/6xxx/CVE-2017-6486.json +++ b/2017/6xxx/CVE-2017-6486.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6486", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the \"reasoncms-master/www/nyroModal/demoSent.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6486", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/reasoncms/reasoncms/issues/264", - "refsource" : "CONFIRM", - "url" : "https://github.com/reasoncms/reasoncms/issues/264" - }, - { - "name" : "https://github.com/reasoncms/reasoncms/releases/tag/v4.7.1", - "refsource" : "CONFIRM", - "url" : "https://github.com/reasoncms/reasoncms/releases/tag/v4.7.1" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the \"reasoncms-master/www/nyroModal/demoSent.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/reasoncms/reasoncms/releases/tag/v4.7.1", + "refsource": "CONFIRM", + "url": "https://github.com/reasoncms/reasoncms/releases/tag/v4.7.1" + }, + { + "name": "https://github.com/reasoncms/reasoncms/issues/264", + "refsource": "CONFIRM", + "url": "https://github.com/reasoncms/reasoncms/issues/264" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6677.json b/2017/6xxx/CVE-2017-6677.json index a1119cca107..fb9d8e85dab 100644 --- a/2017/6xxx/CVE-2017-6677.json +++ b/2017/6xxx/CVE-2017-6677.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6677", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6677", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6838.json b/2017/6xxx/CVE-2017-6838.json index 864c69c5d5e..1b92a1ef233 100644 --- a/2017/6xxx/CVE-2017-6838.json +++ b/2017/6xxx/CVE-2017-6838.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6838", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6838", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/03/13/9" - }, - { - "name" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", - "refsource" : "MISC", - "url" : "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" - }, - { - "name" : "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c", - "refsource" : "MISC", - "url" : "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c" - }, - { - "name" : "https://github.com/mpruett/audiofile/issues/41", - "refsource" : "MISC", - "url" : "https://github.com/mpruett/audiofile/issues/41" - }, - { - "name" : "DSA-3814", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3814" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-3814", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3814" + }, + { + "name": "[oss-security] 20170313 Re: audiofile: multiple ubsan crashes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" + }, + { + "name": "https://github.com/mpruett/audiofile/issues/41", + "refsource": "MISC", + "url": "https://github.com/mpruett/audiofile/issues/41" + }, + { + "name": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c", + "refsource": "MISC", + "url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c" + }, + { + "name": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", + "refsource": "MISC", + "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7194.json b/2017/7xxx/CVE-2017-7194.json index 40fea406259..6a6c90fdbe9 100644 --- a/2017/7xxx/CVE-2017-7194.json +++ b/2017/7xxx/CVE-2017-7194.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7194", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7194", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10097.json b/2018/10xxx/CVE-2018-10097.json index 4e6edaff63b..97ba76afd81 100644 --- a/2018/10xxx/CVE-2018-10097.json +++ b/2018/10xxx/CVE-2018-10097.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10097", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10097", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://packetstormsecurity.com/files/146855/Domaintrader-2.5.3-Cross-Site-Scripting.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/146855/Domaintrader-2.5.3-Cross-Site-Scripting.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XSS exists in Domain Trader 2.5.3 via the recoverlogin.php email_address parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/146855/Domaintrader-2.5.3-Cross-Site-Scripting.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/146855/Domaintrader-2.5.3-Cross-Site-Scripting.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10860.json b/2018/10xxx/CVE-2018-10860.json index 9e268cc4bc6..6b6474b115d 100644 --- a/2018/10xxx/CVE-2018-10860.json +++ b/2018/10xxx/CVE-2018-10860.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "lpardo@redhat.com", - "ID" : "CVE-2018-10860", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "perl-archive-zip", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "[UNKNOWN]" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-22" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10860", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "perl-archive-zip", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "[UNKNOWN]" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180724 [SECURITY] [DLA 1440-1] libarchive-zip-perl security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00032.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860" - }, - { - "name" : "DSA-4300", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4300" - }, - { - "name" : "USN-3703-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3703-1/" - }, - { - "name" : "USN-3703-2", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3703-2/" - }, - { - "name" : "104580", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104580" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-22" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10860" + }, + { + "name": "[debian-lts-announce] 20180724 [SECURITY] [DLA 1440-1] libarchive-zip-perl security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00032.html" + }, + { + "name": "USN-3703-2", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3703-2/" + }, + { + "name": "104580", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104580" + }, + { + "name": "DSA-4300", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4300" + }, + { + "name": "USN-3703-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3703-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14034.json b/2018/14xxx/CVE-2018-14034.json index de77dbef642..fd9a1c820fc 100644 --- a/2018/14xxx/CVE-2018-14034.json +++ b/2018/14xxx/CVE-2018-14034.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14034", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14034", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/blob/master/hdf5/README2.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14209.json b/2018/14xxx/CVE-2018-14209.json index 764b73900ec..81f6e51b7cd 100644 --- a/2018/14xxx/CVE-2018-14209.json +++ b/2018/14xxx/CVE-2018-14209.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14209", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14209", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14822.json b/2018/14xxx/CVE-2018-14822.json index 8572a9d08c9..b4da51886e0 100644 --- a/2018/14xxx/CVE-2018-14822.json +++ b/2018/14xxx/CVE-2018-14822.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-10-02T00:00:00", - "ID" : "CVE-2018-14822", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "EMG12", - "version" : { - "version_data" : [ - { - "version_value" : "All versions prior to version 2.57" - } - ] - } - } - ] - }, - "vendor_name" : "Entes" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "INFORMATION EXPOSURE THROUGH QUERY STRINGS IN GET REQUEST CWE-598" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-10-02T00:00:00", + "ID": "CVE-2018-14822", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "EMG12", + "version": { + "version_data": [ + { + "version_value": "All versions prior to version 2.57" + } + ] + } + } + ] + }, + "vendor_name": "Entes" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03" - }, - { - "name" : "105489", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105489" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user and execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "INFORMATION EXPOSURE THROUGH QUERY STRINGS IN GET REQUEST CWE-598" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-275-03" + }, + { + "name": "105489", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105489" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14884.json b/2018/14xxx/CVE-2018-14884.json index 45d0cddae5a..a6969041393 100644 --- a/2018/14xxx/CVE-2018-14884.json +++ b/2018/14xxx/CVE-2018-14884.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14884", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14884", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://php.net/ChangeLog-7.php", - "refsource" : "CONFIRM", - "url" : "http://php.net/ChangeLog-7.php" - }, - { - "name" : "https://bugs.php.net/bug.php?id=75535", - "refsource" : "CONFIRM", - "url" : "https://bugs.php.net/bug.php?id=75535" - }, - { - "name" : "https://security.netapp.com/advisory/ntap-20181107-0003/", - "refsource" : "CONFIRM", - "url" : "https://security.netapp.com/advisory/ntap-20181107-0003/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ext/standard/http_fopen_wrapper.c can be a NULL value that is mishandled in an atoi call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://security.netapp.com/advisory/ntap-20181107-0003/", + "refsource": "CONFIRM", + "url": "https://security.netapp.com/advisory/ntap-20181107-0003/" + }, + { + "name": "https://bugs.php.net/bug.php?id=75535", + "refsource": "CONFIRM", + "url": "https://bugs.php.net/bug.php?id=75535" + }, + { + "name": "http://php.net/ChangeLog-7.php", + "refsource": "CONFIRM", + "url": "http://php.net/ChangeLog-7.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15302.json b/2018/15xxx/CVE-2018-15302.json index 50bf219565a..dfcb590bafe 100644 --- a/2018/15xxx/CVE-2018-15302.json +++ b/2018/15xxx/CVE-2018-15302.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15302", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15302", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15893.json b/2018/15xxx/CVE-2018-15893.json index dcddbb2cf8a..703fcdab094 100644 --- a/2018/15xxx/CVE-2018-15893.json +++ b/2018/15xxx/CVE-2018-15893.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/wuzhicms/wuzhicms/issues/149", - "refsource" : "MISC", - "url" : "https://github.com/wuzhicms/wuzhicms/issues/149" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/wuzhicms/wuzhicms/issues/149", + "refsource": "MISC", + "url": "https://github.com/wuzhicms/wuzhicms/issues/149" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15902.json b/2018/15xxx/CVE-2018-15902.json index 9f2809cbda8..ff48bebc3fe 100644 --- a/2018/15xxx/CVE-2018-15902.json +++ b/2018/15xxx/CVE-2018-15902.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15902", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15902", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20478.json b/2018/20xxx/CVE-2018-20478.json index d65cfc81076..88764511813 100644 --- a/2018/20xxx/CVE-2018-20478.json +++ b/2018/20xxx/CVE-2018-20478.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20478", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20478", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://xz.aliyun.com/t/3614#toc-0", - "refsource" : "MISC", - "url" : "https://xz.aliyun.com/t/3614#toc-0" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://xz.aliyun.com/t/3614#toc-0", + "refsource": "MISC", + "url": "https://xz.aliyun.com/t/3614#toc-0" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20656.json b/2018/20xxx/CVE-2018-20656.json index c64325881f1..39f45b3a8f4 100644 --- a/2018/20xxx/CVE-2018-20656.json +++ b/2018/20xxx/CVE-2018-20656.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20656", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20656", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20703.json b/2018/20xxx/CVE-2018-20703.json index a1ea980026f..44a3688bd8a 100644 --- a/2018/20xxx/CVE-2018-20703.json +++ b/2018/20xxx/CVE-2018-20703.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20703", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20703", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/", - "refsource" : "MISC", - "url" : "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CubeCart 6.2.2 has Reflected XSS via a /{ADMIN-FILE}/ query string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/", + "refsource": "MISC", + "url": "https://www.netsparker.com/web-applications-advisories/ns-18-025-reflected-cross-site-scripting-in-cubecart/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9092.json b/2018/9xxx/CVE-2018-9092.json index 947ffde94dc..219185939d7 100644 --- a/2018/9xxx/CVE-2018-9092.json +++ b/2018/9xxx/CVE-2018-9092.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9092", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9092", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44362", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44362/" - }, - { - "name" : "https://github.com/bg5sbk/MiniCMS/issues/14", - "refsource" : "MISC", - "url" : "https://github.com/bg5sbk/MiniCMS/issues/14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bg5sbk/MiniCMS/issues/14", + "refsource": "MISC", + "url": "https://github.com/bg5sbk/MiniCMS/issues/14" + }, + { + "name": "44362", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44362/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9115.json b/2018/9xxx/CVE-2018-9115.json index 0a84f7ad0bc..77f6b094db2 100644 --- a/2018/9xxx/CVE-2018-9115.json +++ b/2018/9xxx/CVE-2018-9115.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9115", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9115", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44375", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44375/" - }, - { - "name" : "https://packetstormsecurity.com/files/146982", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/146982" - }, - { - "name" : "systematic-cve20189115-dos(141099)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to work with that layer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "systematic-cve20189115-dos(141099)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141099" + }, + { + "name": "https://packetstormsecurity.com/files/146982", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/146982" + }, + { + "name": "44375", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44375/" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9422.json b/2018/9xxx/CVE-2018-9422.json index 5af88448bbc..9ceac19a56c 100644 --- a/2018/9xxx/CVE-2018-9422.json +++ b/2018/9xxx/CVE-2018-9422.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@google.com", - "DATE_PUBLIC" : "2018-10-31T00:00:00", - "ID" : "CVE-2018-9422", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Android", - "version" : { - "version_data" : [ - { - "version_value" : "Android kernel" - } - ] - } - } - ] - }, - "vendor_name" : "Google Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of privilege" - } + "CVE_data_meta": { + "ASSIGNER": "security@android.com", + "DATE_PUBLIC": "2018-10-31T00:00:00", + "ID": "CVE-2018-9422", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Android", + "version": { + "version_data": [ + { + "version_value": "Android kernel" + } + ] + } + } + ] + }, + "vendor_name": "Google Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" - }, - { - "name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" - }, - { - "name" : "https://source.android.com/security/bulletin/2018-07-01", - "refsource" : "CONFIRM", - "url" : "https://source.android.com/security/bulletin/2018-07-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" + }, + { + "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" + }, + { + "name": "https://source.android.com/security/bulletin/2018-07-01", + "refsource": "CONFIRM", + "url": "https://source.android.com/security/bulletin/2018-07-01" + } + ] + } +} \ No newline at end of file