From 7700c5299f96aac14ddd4d3dbb8bae380766b11c Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 21:48:18 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/1xxx/CVE-2002-1166.json | 160 +++++++------- 2002/1xxx/CVE-2002-1337.json | 360 ++++++++++++++++---------------- 2002/1xxx/CVE-2002-1785.json | 150 ++++++------- 2003/0xxx/CVE-2003-0341.json | 120 +++++------ 2003/0xxx/CVE-2003-0364.json | 210 +++++++++---------- 2003/0xxx/CVE-2003-0458.json | 130 ++++++------ 2003/0xxx/CVE-2003-0965.json | 210 +++++++++---------- 2003/0xxx/CVE-2003-0998.json | 130 ++++++------ 2003/1xxx/CVE-2003-1005.json | 150 ++++++------- 2003/1xxx/CVE-2003-1006.json | 180 ++++++++-------- 2003/1xxx/CVE-2003-1279.json | 160 +++++++------- 2004/0xxx/CVE-2004-0165.json | 170 +++++++-------- 2004/0xxx/CVE-2004-0369.json | 170 +++++++-------- 2004/0xxx/CVE-2004-0840.json | 190 ++++++++--------- 2004/2xxx/CVE-2004-2367.json | 160 +++++++------- 2004/2xxx/CVE-2004-2482.json | 160 +++++++------- 2004/2xxx/CVE-2004-2658.json | 120 +++++------ 2008/2xxx/CVE-2008-2054.json | 170 +++++++-------- 2008/2xxx/CVE-2008-2129.json | 150 ++++++------- 2008/2xxx/CVE-2008-2441.json | 180 ++++++++-------- 2012/0xxx/CVE-2012-0309.json | 190 ++++++++--------- 2012/0xxx/CVE-2012-0949.json | 160 +++++++------- 2012/1xxx/CVE-2012-1468.json | 140 ++++++------- 2012/1xxx/CVE-2012-1477.json | 120 +++++------ 2012/5xxx/CVE-2012-5567.json | 220 ++++++++++---------- 2012/5xxx/CVE-2012-5627.json | 190 ++++++++--------- 2012/5xxx/CVE-2012-5769.json | 150 ++++++------- 2012/5xxx/CVE-2012-5835.json | 370 ++++++++++++++++----------------- 2017/11xxx/CVE-2017-11745.json | 34 +-- 2017/3xxx/CVE-2017-3377.json | 166 +++++++-------- 2017/3xxx/CVE-2017-3890.json | 130 ++++++------ 2017/6xxx/CVE-2017-6569.json | 34 +-- 2017/7xxx/CVE-2017-7111.json | 190 ++++++++--------- 2017/7xxx/CVE-2017-7718.json | 280 ++++++++++++------------- 2017/7xxx/CVE-2017-7991.json | 140 ++++++------- 2017/8xxx/CVE-2017-8174.json | 122 +++++------ 2017/8xxx/CVE-2017-8574.json | 142 ++++++------- 2017/8xxx/CVE-2017-8648.json | 142 ++++++------- 2017/8xxx/CVE-2017-8654.json | 142 ++++++------- 2017/8xxx/CVE-2017-8940.json | 120 +++++------ 2018/10xxx/CVE-2018-10267.json | 130 ++++++------ 2018/10xxx/CVE-2018-10357.json | 140 ++++++------- 2018/10xxx/CVE-2018-10563.json | 130 ++++++------ 2018/10xxx/CVE-2018-10848.json | 34 +-- 2018/10xxx/CVE-2018-10966.json | 140 ++++++------- 2018/13xxx/CVE-2018-13144.json | 120 +++++------ 2018/13xxx/CVE-2018-13400.json | 246 +++++++++++----------- 2018/13xxx/CVE-2018-13462.json | 130 ++++++------ 2018/13xxx/CVE-2018-13722.json | 130 ++++++------ 2018/13xxx/CVE-2018-13732.json | 130 ++++++------ 2018/17xxx/CVE-2018-17722.json | 34 +-- 2018/17xxx/CVE-2018-17762.json | 34 +-- 2018/17xxx/CVE-2018-17994.json | 34 +-- 2018/9xxx/CVE-2018-9278.json | 34 +-- 2018/9xxx/CVE-2018-9815.json | 34 +-- 55 files changed, 4056 insertions(+), 4056 deletions(-) diff --git a/2002/1xxx/CVE-2002-1166.json b/2002/1xxx/CVE-2002-1166.json index 745142106e7..6fafc471fe6 100644 --- a/2002/1xxx/CVE-2002-1166.json +++ b/2002/1xxx/CVE-2002-1166.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1166", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1166", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0138.html" - }, - { - "name" : "20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103340145725050&w=2" - }, - { - "name" : "9836", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9836" - }, - { - "name" : "wn-server-get-bo(10223)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10223.php" - }, - { - "name" : "5831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5831" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows remote attackers to execute arbitrary code via a long GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5831" + }, + { + "name": "20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0138.html" + }, + { + "name": "9836", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9836" + }, + { + "name": "20020930 iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103340145725050&w=2" + }, + { + "name": "wn-server-get-bo(10223)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10223.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1337.json b/2002/1xxx/CVE-2002-1337.json index 3a9d7039b87..65c43bfa674 100644 --- a/2002/1xxx/CVE-2002-1337.json +++ b/2002/1xxx/CVE-2002-1337.json @@ -1,182 +1,182 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1337", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1337", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030303 Remote Sendmail Header Processing Vulnerability", - "refsource" : "ISS", - "url" : "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950" - }, - { - "name" : "http://www.sendmail.org/8.12.8.html", - "refsource" : "CONFIRM", - "url" : "http://www.sendmail.org/8.12.8.html" - }, - { - "name" : "20030303 sendmail 8.12.8 available", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104673778105192&w=2" - }, - { - "name" : "20030304 [LSD] Technical analysis of the remote sendmail vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104678739608479&w=2" - }, - { - "name" : "CA-2003-07", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2003-07.html" - }, - { - "name" : "RHSA-2003:073", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-073.html" - }, - { - "name" : "RHSA-2003:074", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-074.html" - }, - { - "name" : "RHSA-2003:227", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-227.html" - }, - { - "name" : "20030301-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P" - }, - { - "name" : "IY40500", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only" - }, - { - "name" : "IY40501", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only" - }, - { - "name" : "IY40502", - "refsource" : "AIXAPAR", - "url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only" - }, - { - "name" : "MDKSA-2003:028", - "refsource" : "MANDRAKE", - "url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028" - }, - { - "name" : "NetBSD-SA2003-002", - "refsource" : "NETBSD", - "url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc" - }, - { - "name" : "CLA-2003:571", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571" - }, - { - "name" : "DSA-257", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-257" - }, - { - "name" : "HPSBUX0302-246", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=104679411316818&w=2" - }, - { - "name" : "CSSA-2003-SCO.6", - "refsource" : "CALDERA", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6" - }, - { - "name" : "CSSA-2003-SCO.5", - "refsource" : "CALDERA", - "url" : "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5" - }, - { - "name" : "20030304 GLSA: sendmail (200303-4)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104678862409849&w=2" - }, - { - "name" : "20030303 Fwd: APPLE-SA-2003-03-03 sendmail", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=104678862109841&w=2" - }, - { - "name" : "VU#398025", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/398025" - }, - { - "name" : "6991", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6991" - }, - { - "name" : "oval:org.mitre.oval:def:2222", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222" - }, - { - "name" : "sendmail-header-processing-bo(10748)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10748.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:073", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-073.html" + }, + { + "name": "20030301-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P" + }, + { + "name": "IY40501", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only" + }, + { + "name": "20030303 Fwd: APPLE-SA-2003-03-03 sendmail", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104678862109841&w=2" + }, + { + "name": "RHSA-2003:227", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-227.html" + }, + { + "name": "6991", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6991" + }, + { + "name": "VU#398025", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/398025" + }, + { + "name": "http://www.sendmail.org/8.12.8.html", + "refsource": "CONFIRM", + "url": "http://www.sendmail.org/8.12.8.html" + }, + { + "name": "DSA-257", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-257" + }, + { + "name": "20030304 [LSD] Technical analysis of the remote sendmail vulnerability", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104678739608479&w=2" + }, + { + "name": "oval:org.mitre.oval:def:2222", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222" + }, + { + "name": "RHSA-2003:074", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-074.html" + }, + { + "name": "CA-2003-07", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-07.html" + }, + { + "name": "20030303 sendmail 8.12.8 available", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104673778105192&w=2" + }, + { + "name": "MDKSA-2003:028", + "refsource": "MANDRAKE", + "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028" + }, + { + "name": "IY40500", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only" + }, + { + "name": "sendmail-header-processing-bo(10748)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10748.php" + }, + { + "name": "CSSA-2003-SCO.6", + "refsource": "CALDERA", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6" + }, + { + "name": "CSSA-2003-SCO.5", + "refsource": "CALDERA", + "url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5" + }, + { + "name": "CLA-2003:571", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571" + }, + { + "name": "NetBSD-SA2003-002", + "refsource": "NETBSD", + "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc" + }, + { + "name": "HPSBUX0302-246", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=104679411316818&w=2" + }, + { + "name": "20030303 Remote Sendmail Header Processing Vulnerability", + "refsource": "ISS", + "url": "http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950" + }, + { + "name": "IY40502", + "refsource": "AIXAPAR", + "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only" + }, + { + "name": "20030304 GLSA: sendmail (200303-4)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=104678862409849&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1785.json b/2002/1xxx/CVE-2002-1785.json index 7758a3cd87a..6dc1bd8fda3 100644 --- a/2002/1xxx/CVE-2002-1785.json +++ b/2002/1xxx/CVE-2002-1785.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021108 Zeus Admin Server v4.1r2 index.fcgi XSS bug", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0104.html" - }, - { - "name" : "20021211 Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/302961" - }, - { - "name" : "6144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6144" - }, - { - "name" : "zeus-admin-index-xss(10567)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10567.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Zeus Administration Server in Zeus Web Server 4.0 through 4.1r2 allows remote authenticated users to inject arbitrary web script or HTML via the section parameter to index.fcgi." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "zeus-admin-index-xss(10567)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10567.php" + }, + { + "name": "20021108 Zeus Admin Server v4.1r2 index.fcgi XSS bug", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0104.html" + }, + { + "name": "20021211 Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/302961" + }, + { + "name": "6144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6144" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0341.json b/2003/0xxx/CVE-2003-0341.json index 33aea68f2a4..4c5465fb558 100644 --- a/2003/0xxx/CVE-2003-0341.json +++ b/2003/0xxx/CVE-2003-0341.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0341", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0341", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030521 [AP] Owl Intranet Engine CSS Bug", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105353266220520&w=2" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 and earlier allows remote attackers to insert arbitrary script via the Search field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030521 [AP] Owl Intranet Engine CSS Bug", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105353266220520&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0364.json b/2003/0xxx/CVE-2003-0364.json index a4f1360d0cc..705df45c291 100644 --- a/2003/0xxx/CVE-2003-0364.json +++ b/2003/0xxx/CVE-2003-0364.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0364", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0364", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "RHSA-2003:187", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-187.html" - }, - { - "name" : "RHSA-2003:195", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-195.html" - }, - { - "name" : "RHSA-2003:198", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-198.html" - }, - { - "name" : "DSA-311", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-311" - }, - { - "name" : "DSA-312", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-312" - }, - { - "name" : "DSA-332", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-332" - }, - { - "name" : "DSA-336", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-336" - }, - { - "name" : "DSA-442", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-442" - }, - { - "name" : "TLSA-2003-41", - "refsource" : "TURBO", - "url" : "http://www.turbolinux.com/security/TLSA-2003-41.txt" - }, - { - "name" : "oval:org.mitre.oval:def:295", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2003:187", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-187.html" + }, + { + "name": "TLSA-2003-41", + "refsource": "TURBO", + "url": "http://www.turbolinux.com/security/TLSA-2003-41.txt" + }, + { + "name": "RHSA-2003:195", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-195.html" + }, + { + "name": "RHSA-2003:198", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-198.html" + }, + { + "name": "DSA-336", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-336" + }, + { + "name": "DSA-311", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-311" + }, + { + "name": "DSA-332", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-332" + }, + { + "name": "oval:org.mitre.oval:def:295", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A295" + }, + { + "name": "DSA-312", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-312" + }, + { + "name": "DSA-442", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-442" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0458.json b/2003/0xxx/CVE-2003-0458.json index 22fa4c43378..e8bd8d207d0 100644 --- a/2003/0xxx/CVE-2003-0458.json +++ b/2003/0xxx/CVE-2003-0458.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0458", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0458", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "SSRT3488", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/advisories/5545" - }, - { - "name" : "8080", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8080" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and G01.00 through G06.20, allows local users to gain additional privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SSRT3488", + "refsource": "HP", + "url": "http://www.securityfocus.com/advisories/5545" + }, + { + "name": "8080", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8080" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0965.json b/2003/0xxx/CVE-2003-0965.json index c06cac9ee42..7e387756f88 100644 --- a/2003/0xxx/CVE-2003-0965.json +++ b/2003/0xxx/CVE-2003-0965.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0965", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0965", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4", - "refsource" : "MLIST", - "url" : "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html" - }, - { - "name" : "CLA-2004:842", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842" - }, - { - "name" : "RHSA-2004:020", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-020.html" - }, - { - "name" : "DSA-436", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2004/dsa-436" - }, - { - "name" : "MDKSA-2004:013", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" - }, - { - "name" : "3305", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3305" - }, - { - "name" : "10519", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10519" - }, - { - "name" : "mailman-admin-xss(14121)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121" - }, - { - "name" : "9336", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9336" - }, - { - "name" : "oval:org.mitre.oval:def:813", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:020", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-020.html" + }, + { + "name": "mailman-admin-xss(14121)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14121" + }, + { + "name": "10519", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10519" + }, + { + "name": "MDKSA-2004:013", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:013" + }, + { + "name": "9336", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9336" + }, + { + "name": "oval:org.mitre.oval:def:813", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A813" + }, + { + "name": "3305", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3305" + }, + { + "name": "[Mailman-Announce] 20031231 RELEASED Mailman 2.1.4", + "refsource": "MLIST", + "url": "http://mail.python.org/pipermail/mailman-announce/2003-December/000066.html" + }, + { + "name": "CLA-2004:842", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842" + }, + { + "name": "DSA-436", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2004/dsa-436" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0998.json b/2003/0xxx/CVE-2003-0998.json index 68717e483b6..ebca72ef47f 100644 --- a/2003/0xxx/CVE-2003-0998.json +++ b/2003/0xxx/CVE-2003-0998.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0998", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown \"potential system security vulnerability\" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0998", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.ca.com/techbases/rp/urc5x-secnote.html", - "refsource" : "CONFIRM", - "url" : "http://support.ca.com/techbases/rp/urc5x-secnote.html" - }, - { - "name" : "10420", - "refsource" : "SECUNIA", - "url" : "http://www.secunia.com/advisories/10420/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown \"potential system security vulnerability\" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10420", + "refsource": "SECUNIA", + "url": "http://www.secunia.com/advisories/10420/" + }, + { + "name": "http://support.ca.com/techbases/rp/urc5x-secnote.html", + "refsource": "CONFIRM", + "url": "http://support.ca.com/techbases/rp/urc5x-secnote.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1005.json b/2003/1xxx/CVE-2003-1005.json index 7c4e5f4af84..a8a8bdc3a98 100644 --- a/2003/1xxx/CVE-2003-1005.json +++ b/2003/1xxx/CVE-2003-1005.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1005", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1005", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2003-12-19", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html" - }, - { - "name" : "ESB-2003.0867", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=3704" - }, - { - "name" : "9266", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9266" - }, - { - "name" : "10474", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10474/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (service crash) via malformed ASN.1 sequences." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "10474", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10474/" + }, + { + "name": "APPLE-SA-2003-12-19", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2003/Dec/msg00001.html" + }, + { + "name": "9266", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9266" + }, + { + "name": "ESB-2003.0867", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=3704" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1006.json b/2003/1xxx/CVE-2003-1006.json index f18935e382c..0b9b379ffe7 100644 --- a/2003/1xxx/CVE-2003-1006.json +++ b/2003/1xxx/CVE-2003-1006.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031215 Buffer overflow/privilege escalation in MacOS X", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/347578" - }, - { - "name" : "20031216 Re: Buffer overflow/privilege escalation in MacOS X", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/347707" - }, - { - "name" : "20031219 Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/348097" - }, - { - "name" : "http://docs.info.apple.com/article.html?artnum=61798", - "refsource" : "CONFIRM", - "url" : "http://docs.info.apple.com/article.html?artnum=61798" - }, - { - "name" : "VU#878526", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/878526" - }, - { - "name" : "macos-cd9660-bo(13995)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13995" - }, - { - "name" : "9228", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#878526", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/878526" + }, + { + "name": "20031215 Buffer overflow/privilege escalation in MacOS X", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/347578" + }, + { + "name": "20031216 Re: Buffer overflow/privilege escalation in MacOS X", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/347707" + }, + { + "name": "20031219 Re: Buffer overflow/privilege escalation in MacOS X - hfs.util also", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/348097" + }, + { + "name": "9228", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9228" + }, + { + "name": "http://docs.info.apple.com/article.html?artnum=61798", + "refsource": "CONFIRM", + "url": "http://docs.info.apple.com/article.html?artnum=61798" + }, + { + "name": "macos-cd9660-bo(13995)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13995" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1279.json b/2003/1xxx/CVE-2003-1279.json index 691b0aac960..8f16def687f 100644 --- a/2003/1xxx/CVE-2003-1279.json +++ b/2003/1xxx/CVE-2003-1279.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1279", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1279", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030105 S-plus /tmp usage", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/305342" - }, - { - "name" : "1005896", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1005896" - }, - { - "name" : "7833", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/7833" - }, - { - "name" : "splus-tmp-file-symlink(11005)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/11005.php" - }, - { - "name" : "6530", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6530" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "S-PLUS 6.0 allows local users to overwrite arbitrary files and possibly elevate privileges via a symlink attack on (1) /tmp/__F8499 by Sqpe, (2) /tmp/PRINT.$$.out by PRINT, (3) /tmp/SUBST$PID.TXT and /tmp/ed.cmds$PID by mustfix.hlinks, (4) /tmp/file.1 and /tmp/file.2 by sas_get, (5) /tmp/file.1 by sas_vars, and (6) /tmp/sgml2html$$tmp /tmp/sgml2html$$tmp1 /tmp/sgml2html$$tmp2 by sglm2html." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1005896", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1005896" + }, + { + "name": "splus-tmp-file-symlink(11005)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/11005.php" + }, + { + "name": "20030105 S-plus /tmp usage", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/305342" + }, + { + "name": "6530", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6530" + }, + { + "name": "7833", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/7833" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0165.json b/2004/0xxx/CVE-2004-0165.json index e649981b2a1..799a8e61419 100644 --- a/2004/0xxx/CVE-2004-0165.json +++ b/2004/0xxx/CVE-2004-0165.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0165", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0165", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "A022304-1", - "refsource" : "ATSTAKE", - "url" : "http://www.atstake.com/research/advisories/2004/a022304-1.txt" - }, - { - "name" : "APPLE-SA-2004-02-23", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" - }, - { - "name" : "VU#841742", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/841742" - }, - { - "name" : "macos-pppd-format-string(15297)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15297" - }, - { - "name" : "9730", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9730" - }, - { - "name" : "6822", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/6822" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "APPLE-SA-2004-02-23", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html" + }, + { + "name": "macos-pppd-format-string(15297)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15297" + }, + { + "name": "VU#841742", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/841742" + }, + { + "name": "6822", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/6822" + }, + { + "name": "9730", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9730" + }, + { + "name": "A022304-1", + "refsource": "ATSTAKE", + "url": "http://www.atstake.com/research/advisories/2004/a022304-1.txt" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0369.json b/2004/0xxx/CVE-2004-0369.json index 14aaa5df840..0877a261c97 100644 --- a/2004/0xxx/CVE-2004-0369.json +++ b/2004/0xxx/CVE-2004-0369.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0369", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0369", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040826 Entrust LibKmp Library Buffer Overflow", - "refsource" : "ISS", - "url" : "http://xforce.iss.net/xforce/alerts/id/181" - }, - { - "name" : "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html", - "refsource" : "CONFIRM", - "url" : "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html" - }, - { - "name" : "ESB-2004.0538", - "refsource" : "AUSCERT", - "url" : "http://www.auscert.org.au/render.html?it=4339" - }, - { - "name" : "O-206", - "refsource" : "CIAC", - "url" : "http://www.ciac.org/ciac/bulletins/o-206.shtml" - }, - { - "name" : "11039", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11039" - }, - { - "name" : "isakmp-spi-size-bo(15669)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ESB-2004.0538", + "refsource": "AUSCERT", + "url": "http://www.auscert.org.au/render.html?it=4339" + }, + { + "name": "isakmp-spi-size-bo(15669)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15669" + }, + { + "name": "20040826 Entrust LibKmp Library Buffer Overflow", + "refsource": "ISS", + "url": "http://xforce.iss.net/xforce/alerts/id/181" + }, + { + "name": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html", + "refsource": "CONFIRM", + "url": "http://securityresponse.symantec.com/avcenter/security/Content/2004.08.26.html" + }, + { + "name": "O-206", + "refsource": "CIAC", + "url": "http://www.ciac.org/ciac/bulletins/o-206.shtml" + }, + { + "name": "11039", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11039" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0840.json b/2004/0xxx/CVE-2004-0840.json index 1bcdd6b4e11..ebb34496766 100644 --- a/2004/0xxx/CVE-2004-0840.json +++ b/2004/0xxx/CVE-2004-0840.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0840", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0840", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS04-035", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-035" - }, - { - "name" : "VU#394792", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/394792" - }, - { - "name" : "11374", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11374" - }, - { - "name" : "oval:org.mitre.oval:def:2300", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2300" - }, - { - "name" : "oval:org.mitre.oval:def:3460", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3460" - }, - { - "name" : "oval:org.mitre.oval:def:5509", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5509" - }, - { - "name" : "win2k3-smtp-execute-code(17621)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17621" - }, - { - "name" : "win-ms04035-patch(17660)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17660" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:2300", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2300" + }, + { + "name": "oval:org.mitre.oval:def:5509", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5509" + }, + { + "name": "11374", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11374" + }, + { + "name": "MS04-035", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-035" + }, + { + "name": "win-ms04035-patch(17660)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17660" + }, + { + "name": "win2k3-smtp-execute-code(17621)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17621" + }, + { + "name": "oval:org.mitre.oval:def:3460", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3460" + }, + { + "name": "VU#394792", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/394792" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2367.json b/2004/2xxx/CVE-2004-2367.json index cbf08562009..cb5736d473e 100644 --- a/2004/2xxx/CVE-2004-2367.json +++ b/2004/2xxx/CVE-2004-2367.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2367", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2367", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/5JP0B20CAY.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/5JP0B20CAY.html" - }, - { - "name" : "http://www.wftpd.com/bug_gpf.htm", - "refsource" : "CONFIRM", - "url" : "http://www.wftpd.com/bug_gpf.htm" - }, - { - "name" : "9908", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9908" - }, - { - "name" : "11160", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11160/" - }, - { - "name" : "wftpd-gui-dos(15510)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.wftpd.com/bug_gpf.htm", + "refsource": "CONFIRM", + "url": "http://www.wftpd.com/bug_gpf.htm" + }, + { + "name": "11160", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11160/" + }, + { + "name": "wftpd-gui-dos(15510)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15510" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/5JP0B20CAY.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/5JP0B20CAY.html" + }, + { + "name": "9908", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9908" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2482.json b/2004/2xxx/CVE-2004-2482.json index 1e123f7d20e..b2ac0b6b594 100644 --- a/2004/2xxx/CVE-2004-2482.json +++ b/2004/2xxx/CVE-2004-2482.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2482", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2482", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040708 Microsoft Word Email Object Data Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/368492" - }, - { - "name" : "10683", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/10683" - }, - { - "name" : "7769", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/7769" - }, - { - "name" : "12041", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12041" - }, - { - "name" : "microsoft-object-gain-access(16663)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16663" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "microsoft-object-gain-access(16663)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16663" + }, + { + "name": "7769", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/7769" + }, + { + "name": "20040708 Microsoft Word Email Object Data Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/368492" + }, + { + "name": "12041", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12041" + }, + { + "name": "10683", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/10683" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2658.json b/2004/2xxx/CVE-2004-2658.json index 8a995a815b4..b95eb12fd7f 100644 --- a/2004/2xxx/CVE-2004-2658.json +++ b/2004/2xxx/CVE-2004-2658.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2658", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2658", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.novell.com/techcenter/psdb/fa6c6a3e792bf79b1d85821c689ea578.html", - "refsource" : "CONFIRM", - "url" : "http://support.novell.com/techcenter/psdb/fa6c6a3e792bf79b1d85821c689ea578.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.novell.com/techcenter/psdb/fa6c6a3e792bf79b1d85821c689ea578.html", + "refsource": "CONFIRM", + "url": "http://support.novell.com/techcenter/psdb/fa6c6a3e792bf79b1d85821c689ea578.html" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2054.json b/2008/2xxx/CVE-2008-2054.json index 34216a446e4..9dcc3658364 100644 --- a/2008/2xxx/CVE-2008-2054.json +++ b/2008/2xxx/CVE-2008-2054.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2054", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2008-2054", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/", - "refsource" : "MISC", - "url" : "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/" - }, - { - "name" : "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml" - }, - { - "name" : "1020127", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020127" - }, - { - "name" : "30422", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30422" - }, - { - "name" : "ADV-2008-1687", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1687/references" - }, - { - "name" : "cisco-cwcs-unspecified-code-execution(42702)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "cisco-cwcs-unspecified-code-execution(42702)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42702" + }, + { + "name": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/", + "refsource": "MISC", + "url": "http://www.liquidmatrix.org/blog/2008/05/28/advisory-ciscoworks-arbitrary-code-execution-vulnerability/" + }, + { + "name": "1020127", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020127" + }, + { + "name": "ADV-2008-1687", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1687/references" + }, + { + "name": "30422", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30422" + }, + { + "name": "20080528 CiscoWorks Common Services Arbitrary Code Execution Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a00809a1f14.shtml" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2129.json b/2008/2xxx/CVE-2008-2129.json index 4fbfcd70a32..c62f439fba7 100644 --- a/2008/2xxx/CVE-2008-2129.json +++ b/2008/2xxx/CVE-2008-2129.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2129", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2129", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "5554", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/5554" - }, - { - "name" : "29096", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29096" - }, - { - "name" : "30123", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30123" - }, - { - "name" : "galleristic-index-sql-injection(42253)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42253" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5554", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/5554" + }, + { + "name": "29096", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29096" + }, + { + "name": "galleristic-index-sql-injection(42253)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42253" + }, + { + "name": "30123", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30123" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2441.json b/2008/2xxx/CVE-2008-2441.json index 4e8ab2c96a0..26b5fb161fc 100644 --- a/2008/2xxx/CVE-2008-2441.json +++ b/2008/2xxx/CVE-2008-2441.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2441", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2441", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080903 Cisco Secure ACS EAP Parsing Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495937/100/0/threaded" - }, - { - "name" : "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability", - "refsource" : "CISCO", - "url" : "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml" - }, - { - "name" : "30997", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30997" - }, - { - "name" : "1020814", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020814" - }, - { - "name" : "31731", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31731" - }, - { - "name" : "4216", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/4216" - }, - { - "name" : "cisco-sacs-eap-dos(44871)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1020814", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020814" + }, + { + "name": "20080903 Cisco Security Response: Cisco Secure ACS Denial Of Service Vulnerability", + "refsource": "CISCO", + "url": "http://www.cisco.com/warp/public/707/cisco-sr-20080903-csacs.shtml" + }, + { + "name": "31731", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31731" + }, + { + "name": "4216", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/4216" + }, + { + "name": "20080903 Cisco Secure ACS EAP Parsing Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495937/100/0/threaded" + }, + { + "name": "30997", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30997" + }, + { + "name": "cisco-sacs-eap-dos(44871)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44871" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0309.json b/2012/0xxx/CVE-2012-0309.json index c91ed360d7d..837b1a64ce2 100644 --- a/2012/0xxx/CVE-2012-0309.json +++ b/2012/0xxx/CVE-2012-0309.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0309", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-0309", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf", - "refsource" : "MISC", - "url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf" - }, - { - "name" : "http://www.cogentdatahub.com/ReleaseNotes.html", - "refsource" : "CONFIRM", - "url" : "http://www.cogentdatahub.com/ReleaseNotes.html" - }, - { - "name" : "JVN#12983784", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN12983784/index.html" - }, - { - "name" : "JVNDB-2012-000001", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001" - }, - { - "name" : "51375", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51375" - }, - { - "name" : "47496", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47496" - }, - { - "name" : "47525", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47525" - }, - { - "name" : "cogentdatahub-unspecified-xss(72305)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and earlier, Cascade DataHub 6.4.20 and earlier, and OPC DataHub 6.4.20 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVNDB-2012-000001", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000001" + }, + { + "name": "51375", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51375" + }, + { + "name": "http://www.cogentdatahub.com/ReleaseNotes.html", + "refsource": "CONFIRM", + "url": "http://www.cogentdatahub.com/ReleaseNotes.html" + }, + { + "name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf", + "refsource": "MISC", + "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf" + }, + { + "name": "47525", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47525" + }, + { + "name": "cogentdatahub-unspecified-xss(72305)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72305" + }, + { + "name": "JVN#12983784", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN12983784/index.html" + }, + { + "name": "47496", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47496" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0949.json b/2012/0xxx/CVE-2012-0949.json index a0cdc7f1c0d..1eccb9c3055 100644 --- a/2012/0xxx/CVE-2012-0949.json +++ b/2012/0xxx/CVE-2012-0949.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0949", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "security@ubuntu.com", + "ID": "CVE-2012-0949", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "USN-1443-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1443-1" - }, - { - "name" : "53605", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53605" - }, - { - "name" : "82020", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/82020" - }, - { - "name" : "49230", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/49230" - }, - { - "name" : "update-manager-archives-info-disclosure(75728)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75728" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, and 11.04 uploads certain system state archive files when reporting bugs to Launchpad, which allows remote attackers to read repository credentials by viewing a public bug report." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "update-manager-archives-info-disclosure(75728)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75728" + }, + { + "name": "USN-1443-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1443-1" + }, + { + "name": "49230", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/49230" + }, + { + "name": "82020", + "refsource": "OSVDB", + "url": "http://osvdb.org/82020" + }, + { + "name": "53605", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53605" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1468.json b/2012/1xxx/CVE-2012-1468.json index a7c293c506b..4da63da5685 100644 --- a/2012/1xxx/CVE-2012-1468.json +++ b/2012/1xxx/CVE-2012-1468.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1468", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1468", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.htbridge.com/advisory/HTB23079", - "refsource" : "MISC", - "url" : "https://www.htbridge.com/advisory/HTB23079" - }, - { - "name" : "http://pkp.sfu.ca/ojs/RELEASE-2.3.7", - "refsource" : "CONFIRM", - "url" : "http://pkp.sfu.ca/ojs/RELEASE-2.3.7" - }, - { - "name" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", - "refsource" : "CONFIRM", - "url" : "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executable extension that is not \".php\", then accessing it via a direct request to the file in submission/original/ in the associated article directory, as demonstrated using .pHp, .asp, and other extensions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431", + "refsource": "CONFIRM", + "url": "http://pkp.sfu.ca/support/forum/viewtopic.php?f=2&t=8431" + }, + { + "name": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7", + "refsource": "CONFIRM", + "url": "http://pkp.sfu.ca/ojs/RELEASE-2.3.7" + }, + { + "name": "https://www.htbridge.com/advisory/HTB23079", + "refsource": "MISC", + "url": "https://www.htbridge.com/advisory/HTB23079" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1477.json b/2012/1xxx/CVE-2012-1477.json index 3dd817ab616..f8d8eb4a0bb 100644 --- a/2012/1xxx/CVE-2012-1477.json +++ b/2012/1xxx/CVE-2012-1477.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1477-vulnerability-in-Cnectd.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1477-vulnerability-in-Cnectd.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1477-vulnerability-in-Cnectd.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1477-vulnerability-in-Cnectd.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5567.json b/2012/5xxx/CVE-2012-5567.json index 1c5b961f75a..e0f7399a4aa 100644 --- a/2012/5xxx/CVE-2012-5567.json +++ b/2012/5xxx/CVE-2012-5567.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5567", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5567", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[announce] 20121114 Kronolith H4 (3.0.18) (final)", - "refsource" : "MLIST", - "url" : "http://lists.horde.org/archives/announce/2012/000836.html" - }, - { - "name" : "[oss-security] 20121123 CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/23/3" - }, - { - "name" : "[oss-security] 20121123 Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/23/7" - }, - { - "name" : "http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e", - "refsource" : "CONFIRM", - "url" : "http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=879684", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=879684" - }, - { - "name" : "https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES", - "refsource" : "CONFIRM", - "url" : "https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES" - }, - { - "name" : "openSUSE-SU-2012:1625", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html" - }, - { - "name" : "56541", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56541" - }, - { - "name" : "87345", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/87345" - }, - { - "name" : "51233", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51233" - }, - { - "name" : "51469", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51469" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith Calendar Application H4 before 3.0.18, as used in Horde Groupware Webmail Edition before 4.0.9, allow remote attackers to inject arbitrary web script or HTML via crafted event location parameters in the (1) month, (2) monthlist, or (3) prevmonthlist fields, related to portal blocks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES", + "refsource": "CONFIRM", + "url": "https://github.com/horde/horde/blob/d3dda2d47fad7eb128a0091e732cded0c2601009/kronolith/docs/CHANGES" + }, + { + "name": "openSUSE-SU-2012:1625", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00019.html" + }, + { + "name": "[oss-security] 20121123 CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/23/3" + }, + { + "name": "[oss-security] 20121123 Re: CVE Request -- kronolith: Two sets (3.0.17 && 3.0.18) of XSS flaws", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/23/7" + }, + { + "name": "51233", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51233" + }, + { + "name": "[announce] 20121114 Kronolith H4 (3.0.18) (final)", + "refsource": "MLIST", + "url": "http://lists.horde.org/archives/announce/2012/000836.html" + }, + { + "name": "51469", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51469" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=879684", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=879684" + }, + { + "name": "http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e", + "refsource": "CONFIRM", + "url": "http://git.horde.org/horde-git/-/commit/d865c564beb6e98532880aa51a04a79f3311cd1e" + }, + { + "name": "56541", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56541" + }, + { + "name": "87345", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/87345" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5627.json b/2012/5xxx/CVE-2012-5627.json index 0d8cf0eb66c..5d26581281e 100644 --- a/2012/5xxx/CVE-2012-5627.json +++ b/2012/5xxx/CVE-2012-5627.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5627", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5627", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20121203 MySQL Local/Remote FAST Account Password Cracking", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Dec/58" - }, - { - "name" : "20121205 Re: MySQL Local/Remote FAST Account Password\tCracking", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2012/Dec/83" - }, - { - "name" : "[oss-security] 20121206 Re: CVE request: Mysql/Mariadb insecure salt-usage", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2012/q4/424" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=883719", - "refsource" : "MISC", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=883719" - }, - { - "name" : "https://mariadb.atlassian.net/browse/MDEV-3915", - "refsource" : "CONFIRM", - "url" : "https://mariadb.atlassian.net/browse/MDEV-3915" - }, - { - "name" : "GLSA-201308-06", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" - }, - { - "name" : "MDVSA-2013:102", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" - }, - { - "name" : "53372", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/53372" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20121203 MySQL Local/Remote FAST Account Password Cracking", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Dec/58" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=883719", + "refsource": "MISC", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=883719" + }, + { + "name": "20121205 Re: MySQL Local/Remote FAST Account Password\tCracking", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2012/Dec/83" + }, + { + "name": "[oss-security] 20121206 Re: CVE request: Mysql/Mariadb insecure salt-usage", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2012/q4/424" + }, + { + "name": "MDVSA-2013:102", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:102" + }, + { + "name": "53372", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/53372" + }, + { + "name": "GLSA-201308-06", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201308-06.xml" + }, + { + "name": "https://mariadb.atlassian.net/browse/MDEV-3915", + "refsource": "CONFIRM", + "url": "https://mariadb.atlassian.net/browse/MDEV-3915" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5769.json b/2012/5xxx/CVE-2012-5769.json index 44da64d1e00..e12586024ba 100644 --- a/2012/5xxx/CVE-2012-5769.json +++ b/2012/5xxx/CVE-2012-5769.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5769", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-5769", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620758", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620758" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034122", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg24034122" - }, - { - "name" : "PM79454", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454" - }, - { - "name" : "spss-xml-access(80316)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80316" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 allows remote attackers to read arbitrary files, and possibly send HTTP requests to intranet servers or cause a denial of service (CPU and memory consumption), via an XML external entity declaration in conjunction with an entity reference." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "spss-xml-access(80316)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80316" + }, + { + "name": "PM79454", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM79454" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620758", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620758" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg24034122", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24034122" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5835.json b/2012/5xxx/CVE-2012-5835.json index 0a691dc2e09..b3be7cdc7f3 100644 --- a/2012/5xxx/CVE-2012-5835.json +++ b/2012/5xxx/CVE-2012-5835.json @@ -1,187 +1,187 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5835", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5835", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790879", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=790879" - }, - { - "name" : "MDVSA-2012:173", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" - }, - { - "name" : "RHSA-2012:1482", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" - }, - { - "name" : "RHSA-2012:1483", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" - }, - { - "name" : "openSUSE-SU-2012:1583", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" - }, - { - "name" : "openSUSE-SU-2012:1585", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" - }, - { - "name" : "openSUSE-SU-2012:1586", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" - }, - { - "name" : "SUSE-SU-2012:1592", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" - }, - { - "name" : "openSUSE-SU-2013:0175", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" - }, - { - "name" : "USN-1638-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-1" - }, - { - "name" : "USN-1638-3", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-3" - }, - { - "name" : "USN-1638-2", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1638-2" - }, - { - "name" : "USN-1636-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1636-1" - }, - { - "name" : "56643", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56643" - }, - { - "name" : "87601", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/87601" - }, - { - "name" : "oval:org.mitre.oval:def:16603", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16603" - }, - { - "name" : "51359", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51359" - }, - { - "name" : "51360", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51360" - }, - { - "name" : "51369", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51369" - }, - { - "name" : "51381", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51381" - }, - { - "name" : "51434", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51434" - }, - { - "name" : "51439", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51439" - }, - { - "name" : "51440", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51440" - }, - { - "name" : "51370", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51370" - }, - { - "name" : "firefox-webgl-bufferdata-overflow(80185)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80185" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer overflow in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (invalid write operation) via crafted data." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "USN-1638-3", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-3" + }, + { + "name": "51370", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51370" + }, + { + "name": "USN-1638-2", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-2" + }, + { + "name": "openSUSE-SU-2012:1586", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" + }, + { + "name": "USN-1636-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1636-1" + }, + { + "name": "openSUSE-SU-2013:0175", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" + }, + { + "name": "RHSA-2012:1483", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html" + }, + { + "name": "RHSA-2012:1482", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html" + }, + { + "name": "51434", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51434" + }, + { + "name": "openSUSE-SU-2012:1583", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" + }, + { + "name": "51439", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51439" + }, + { + "name": "51440", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51440" + }, + { + "name": "USN-1638-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1638-1" + }, + { + "name": "SUSE-SU-2012:1592", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" + }, + { + "name": "51359", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51359" + }, + { + "name": "MDVSA-2012:173", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" + }, + { + "name": "openSUSE-SU-2012:1585", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" + }, + { + "name": "51381", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51381" + }, + { + "name": "firefox-webgl-bufferdata-overflow(80185)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80185" + }, + { + "name": "oval:org.mitre.oval:def:16603", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16603" + }, + { + "name": "51369", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51369" + }, + { + "name": "51360", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51360" + }, + { + "name": "87601", + "refsource": "OSVDB", + "url": "http://osvdb.org/87601" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=790879", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=790879" + }, + { + "name": "56643", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56643" + } + ] + } +} \ No newline at end of file diff --git a/2017/11xxx/CVE-2017-11745.json b/2017/11xxx/CVE-2017-11745.json index 13bb18611b3..eb7dfa39176 100644 --- a/2017/11xxx/CVE-2017-11745.json +++ b/2017/11xxx/CVE-2017-11745.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-11745", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-11745", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3377.json b/2017/3xxx/CVE-2017-3377.json index 4642ceaeb0b..457104ca0bc 100644 --- a/2017/3xxx/CVE-2017-3377.json +++ b/2017/3xxx/CVE-2017-3377.json @@ -1,85 +1,85 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3377", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Advanced Outbound Telephony", - "version" : { - "version_data" : [ - { - "version_value" : "12.1.1" - }, - { - "version_value" : "12.1.2" - }, - { - "version_value" : "12.1.3" - }, - { - "version_value" : "12.2.3" - }, - { - "version_value" : "12.2.4" - }, - { - "version_value" : "12.2.5" - }, - { - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3377", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Advanced Outbound Telephony", + "version": { + "version_data": [ + { + "version_value": "12.1.1" + }, + { + "version_value": "12.1.2" + }, + { + "version_value": "12.1.3" + }, + { + "version_value": "12.2.3" + }, + { + "version_value": "12.2.4" + }, + { + "version_value": "12.2.5" + }, + { + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95531" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95531" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3890.json b/2017/3xxx/CVE-2017-3890.json index be9b41721d5..696e82be720 100644 --- a/2017/3xxx/CVE-2017-3890.json +++ b/2017/3xxx/CVE-2017-3890.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@blackberry.com", - "ID" : "CVE-2017-3890", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BlackBerry WatchDox Server", - "version" : { - "version_data" : [ - { - "version_value" : "BlackBerry WatchDox Server" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "cross-site scripting" - } + "CVE_data_meta": { + "ASSIGNER": "secure@blackberry.com", + "ID": "CVE-2017-3890", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BlackBerry WatchDox Server", + "version": { + "version_data": [ + { + "version_value": "BlackBerry WatchDox Server" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915", - "refsource" : "CONFIRM", - "url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915" - }, - { - "name" : "95442", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95442" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browser by persuading a user to click an attacker-supplied malicious link." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "cross-site scripting" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95442", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95442" + }, + { + "name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915", + "refsource": "CONFIRM", + "url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000038915" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6569.json b/2017/6xxx/CVE-2017-6569.json index 44cf15fbc7f..33d1226a873 100644 --- a/2017/6xxx/CVE-2017-6569.json +++ b/2017/6xxx/CVE-2017-6569.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6569", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6569", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7111.json b/2017/7xxx/CVE-2017-7111.json index 6f268543650..9523a71278f 100644 --- a/2017/7xxx/CVE-2017-7111.json +++ b/2017/7xxx/CVE-2017-7111.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "100986", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100986" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "100986", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100986" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7718.json b/2017/7xxx/CVE-2017-7718.json index cc3067e356c..23e2052aafa 100644 --- a/2017/7xxx/CVE-2017-7718.json +++ b/2017/7xxx/CVE-2017-7718.json @@ -1,142 +1,142 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7718", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7718", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/04/19/4" - }, - { - "name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" - }, - { - "name" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=215902d7b6fb50c6fc216fc74f770858278ed904", - "refsource" : "CONFIRM", - "url" : "http://git.qemu-project.org/?p=qemu.git;a=commit;h=215902d7b6fb50c6fc216fc74f770858278ed904" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1443441", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1443441" - }, - { - "name" : "GLSA-201706-03", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201706-03" - }, - { - "name" : "RHSA-2017:0980", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0980" - }, - { - "name" : "RHSA-2017:0981", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0981" - }, - { - "name" : "RHSA-2017:0982", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0982" - }, - { - "name" : "RHSA-2017:0983", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0983" - }, - { - "name" : "RHSA-2017:0984", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0984" - }, - { - "name" : "RHSA-2017:0988", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:0988" - }, - { - "name" : "RHSA-2017:1205", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1205" - }, - { - "name" : "RHSA-2017:1206", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1206" - }, - { - "name" : "RHSA-2017:1430", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1430" - }, - { - "name" : "RHSA-2017:1431", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1431" - }, - { - "name" : "RHSA-2017:1441", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1441" - }, - { - "name" : "97957", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97957" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97957", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97957" + }, + { + "name": "RHSA-2017:0983", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0983" + }, + { + "name": "RHSA-2017:0982", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0982" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443441" + }, + { + "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" + }, + { + "name": "RHSA-2017:1430", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1430" + }, + { + "name": "GLSA-201706-03", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201706-03" + }, + { + "name": "RHSA-2017:1206", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1206" + }, + { + "name": "RHSA-2017:1431", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1431" + }, + { + "name": "RHSA-2017:0984", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0984" + }, + { + "name": "RHSA-2017:0988", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0988" + }, + { + "name": "RHSA-2017:1441", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1441" + }, + { + "name": "[oss-security] 20170419 CVE-2017-7718 Qemu: display: cirrus: OOB read access issue", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/04/19/4" + }, + { + "name": "RHSA-2017:0981", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0981" + }, + { + "name": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=215902d7b6fb50c6fc216fc74f770858278ed904", + "refsource": "CONFIRM", + "url": "http://git.qemu-project.org/?p=qemu.git;a=commit;h=215902d7b6fb50c6fc216fc74f770858278ed904" + }, + { + "name": "RHSA-2017:0980", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:0980" + }, + { + "name": "RHSA-2017:1205", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1205" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7991.json b/2017/7xxx/CVE-2017-7991.json index f296a1fdc9e..83f252e1083 100644 --- a/2017/7xxx/CVE-2017-7991.json +++ b/2017/7xxx/CVE-2017-7991.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7991", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7991", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://seclists.org/fulldisclosure/2017/Apr/78", - "refsource" : "MISC", - "url" : "http://seclists.org/fulldisclosure/2017/Apr/78" - }, - { - "name" : "https://gist.github.com/404notf0und/ab59234d71fbf35b4926ffd646324f29", - "refsource" : "MISC", - "url" : "https://gist.github.com/404notf0und/ab59234d71fbf35b4926ffd646324f29" - }, - { - "name" : "https://packetstormsecurity.com/files/142258/Exponent-CMS-2.4.1-SQL-Injection.html", - "refsource" : "MISC", - "url" : "https://packetstormsecurity.com/files/142258/Exponent-CMS-2.4.1-SQL-Injection.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://packetstormsecurity.com/files/142258/Exponent-CMS-2.4.1-SQL-Injection.html", + "refsource": "MISC", + "url": "https://packetstormsecurity.com/files/142258/Exponent-CMS-2.4.1-SQL-Injection.html" + }, + { + "name": "http://seclists.org/fulldisclosure/2017/Apr/78", + "refsource": "MISC", + "url": "http://seclists.org/fulldisclosure/2017/Apr/78" + }, + { + "name": "https://gist.github.com/404notf0und/ab59234d71fbf35b4926ffd646324f29", + "refsource": "MISC", + "url": "https://gist.github.com/404notf0und/ab59234d71fbf35b4926ffd646324f29" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8174.json b/2017/8xxx/CVE-2017-8174.json index c00eafcf100..ebfab050572 100644 --- a/2017/8xxx/CVE-2017-8174.json +++ b/2017/8xxx/CVE-2017-8174.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Secospace USG6300,Secospace USG6600", - "version" : { - "version_data" : [ - { - "version_value" : "V100R001C30SPC300,V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Weak Algorithm" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Secospace USG6300,Secospace USG6600", + "version": { + "version_data": [ + { + "version_value": "V100R001C30SPC300,V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Huawei USG6300 V100R001C30SPC300 and USG6600 with software of V100R001C30SPC500,V100R001C30SPC600,V100R001C30SPC700,V100R001C30SPC800 have a weak algorithm vulnerability. Attackers may exploit the weak algorithm vulnerability to crack the cipher text and cause confidential information leaks on the transmission links." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Weak Algorithm" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170802-01-usg-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8574.json b/2017/8xxx/CVE-2017-8574.json index ab4663cfdde..18f7dbac487 100644 --- a/2017/8xxx/CVE-2017-8574.json +++ b/2017/8xxx/CVE-2017-8574.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-07-11T00:00:00", - "ID" : "CVE-2017-8574", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows 10 1607, 1703, and Windows Server 2016", - "version" : { - "version_data" : [ - { - "version_value" : "Graphics" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-07-11T00:00:00", + "ID": "CVE-2017-8574", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows 10 1607, 1703, and Windows Server 2016", + "version": { + "version_data": [ + { + "version_value": "Graphics" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8574", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8574" - }, - { - "name" : "99438", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99438" - }, - { - "name" : "1038856", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038856" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Microsoft Graphics Component Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8573 and CVE-2017-8556." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8574", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8574" + }, + { + "name": "1038856", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038856" + }, + { + "name": "99438", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99438" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8648.json b/2017/8xxx/CVE-2017-8648.json index f95f8c0450a..7fd225ece96 100644 --- a/2017/8xxx/CVE-2017-8648.json +++ b/2017/8xxx/CVE-2017-8648.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-09-12T00:00:00", - "ID" : "CVE-2017-8648", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Edge", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft Windows Version 1703" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Information Disclosure" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-09-12T00:00:00", + "ID": "CVE-2017-8648", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Edge", + "version": { + "version_data": [ + { + "version_value": "Microsoft Windows Version 1703" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648" - }, - { - "name" : "100750", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100750" - }, - { - "name" : "1039326", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability\". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8643." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Information Disclosure" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039326", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039326" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8648" + }, + { + "name": "100750", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100750" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8654.json b/2017/8xxx/CVE-2017-8654.json index 74d0994ef25..14a1fec5921 100644 --- a/2017/8xxx/CVE-2017-8654.json +++ b/2017/8xxx/CVE-2017-8654.json @@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "DATE_PUBLIC" : "2017-08-08T00:00:00", - "ID" : "CVE-2017-8654", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Office", - "version" : { - "version_data" : [ - { - "version_value" : "Microsoft SharePoint Server 2010 Service Pack 2" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability\"." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Elevation of Privilege" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "DATE_PUBLIC": "2017-08-08T00:00:00", + "ID": "CVE-2017-8654", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Office", + "version": { + "version_data": [ + { + "version_value": "Microsoft SharePoint Server 2010 Service Pack 2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654", - "refsource" : "CONFIRM", - "url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654" - }, - { - "name" : "100064", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100064" - }, - { - "name" : "1039111", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039111" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft Office SharePoint XSS Vulnerability\"." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Elevation of Privilege" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039111", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039111" + }, + { + "name": "100064", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100064" + }, + { + "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654", + "refsource": "CONFIRM", + "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8654" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8940.json b/2017/8xxx/CVE-2017-8940.json index 1ff9425734c..9c9d3d2813a 100644 --- a/2017/8xxx/CVE-2017-8940.json +++ b/2017/8xxx/CVE-2017-8940.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8940", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8940", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", - "refsource" : "MISC", - "url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", + "refsource": "MISC", + "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10267.json b/2018/10xxx/CVE-2018-10267.json index a9eb5b1e70e..d3d58bf78b2 100644 --- a/2018/10xxx/CVE-2018-10267.json +++ b/2018/10xxx/CVE-2018-10267.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/taosir/wtcms/issues/1", - "refsource" : "MISC", - "url" : "https://github.com/taosir/wtcms/issues/1" - }, - { - "name" : "https://www.hackpwn.me/2018/04/21/1/", - "refsource" : "MISC", - "url" : "https://www.hackpwn.me/2018/04/21/1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/taosir/wtcms/issues/1", + "refsource": "MISC", + "url": "https://github.com/taosir/wtcms/issues/1" + }, + { + "name": "https://www.hackpwn.me/2018/04/21/1/", + "refsource": "MISC", + "url": "https://www.hackpwn.me/2018/04/21/1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10357.json b/2018/10xxx/CVE-2018-10357.json index f379ea52e5d..e45345212f1 100644 --- a/2018/10xxx/CVE-2018-10357.json +++ b/2018/10xxx/CVE-2018-10357.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@trendmicro.com", - "ID" : "CVE-2018-10357", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Trend Micro Endpoint Application Control", - "version" : { - "version_data" : [ - { - "version_value" : "2.0" - } - ] - } - } - ] - }, - "vendor_name" : "Trend Micro" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Directory Traversal" - } + "CVE_data_meta": { + "ASSIGNER": "security@trendmicro.com", + "ID": "CVE-2018-10357", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Trend Micro Endpoint Application Control", + "version": { + "version_data": [ + { + "version_value": "2.0" + } + ] + } + } + ] + }, + "vendor_name": "Trend Micro" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-469/", - "refsource" : "MISC", - "url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-469/" - }, - { - "name" : "https://success.trendmicro.com/solution/1119811", - "refsource" : "CONFIRM", - "url" : "https://success.trendmicro.com/solution/1119811" - }, - { - "name" : "104355", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104355" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A directory traversal vulnerability in Trend Micro Endpoint Application Control 2.0 could allow a remote attacker to execute arbitrary code on vulnerable installations due to a flaw in the FileDrop servlet. Authentication is required to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Directory Traversal" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.zerodayinitiative.com/advisories/ZDI-18-469/", + "refsource": "MISC", + "url": "https://www.zerodayinitiative.com/advisories/ZDI-18-469/" + }, + { + "name": "104355", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104355" + }, + { + "name": "https://success.trendmicro.com/solution/1119811", + "refsource": "CONFIRM", + "url": "https://success.trendmicro.com/solution/1119811" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10563.json b/2018/10xxx/CVE-2018-10563.json index 20479671c18..a084b34ed54 100644 --- a/2018/10xxx/CVE-2018-10563.json +++ b/2018/10xxx/CVE-2018-10563.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10563", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10563", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20180501 XSS in Flexense SyncBreeze, affects all versions", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2018/May/4" - }, - { - "name" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions", - "refsource" : "MISC", - "url" : "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An XSS in Flexense SyncBreeze affects all versions (tested from SyncBreeze Enterprise from v10.1 to v10.7)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20180501 XSS in Flexense SyncBreeze, affects all versions", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2018/May/4" + }, + { + "name": "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions", + "refsource": "MISC", + "url": "http://blog.n0ipr0cs.io/post/2018/04/29/XSS-Flexense-DiskBoss-Enterprise-all-versions" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10848.json b/2018/10xxx/CVE-2018-10848.json index 660e5ca35ec..645f9566af2 100644 --- a/2018/10xxx/CVE-2018-10848.json +++ b/2018/10xxx/CVE-2018-10848.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10848", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12532. Reason: This candidate is a reservation duplicate of CVE-2018-12532. Notes: All CVE users should reference CVE-2018-12532 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-10848", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-12532. Reason: This candidate is a reservation duplicate of CVE-2018-12532. Notes: All CVE users should reference CVE-2018-12532 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10966.json b/2018/10xxx/CVE-2018-10966.json index c7670231a15..75880576b2e 100644 --- a/2018/10xxx/CVE-2018-10966.json +++ b/2018/10xxx/CVE-2018-10966.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10966", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10966", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/GamerPolls/gamerpolls.com/pull/56", - "refsource" : "MISC", - "url" : "https://github.com/GamerPolls/gamerpolls.com/pull/56" - }, - { - "name" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune", - "refsource" : "MISC", - "url" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune" - }, - { - "name" : "https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.js#L58", - "refsource" : "CONFIRM", - "url" : "https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.js#L58" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in GamerPolls 0.4.6, related to config/environments/all.js and config/initializers/02_passport.js. An attacker can edit the Passport.js contents of the session cookie to contain the ID number of the account they wish to take over, and re-sign it using the hard coded secret." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/GamerPolls/gamerpolls.com/pull/56", + "refsource": "MISC", + "url": "https://github.com/GamerPolls/gamerpolls.com/pull/56" + }, + { + "name": "https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.js#L58", + "refsource": "CONFIRM", + "url": "https://github.com/GamerPolls/gamerpolls.com/blob/03ccbaf219410e0a45390d0efc12017f08a25282/config/environments/all.js#L58" + }, + { + "name": "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune", + "refsource": "MISC", + "url": "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13144.json b/2018/13xxx/CVE-2018-13144.json index 13d8471cb20..5793348acfd 100644 --- a/2018/13xxx/CVE-2018-13144.json +++ b/2018/13xxx/CVE-2018-13144.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/safecomet/EtherTokens/blob/master/Pandora%20(PDX)/Pandora%20(PDX).md", - "refsource" : "MISC", - "url" : "https://github.com/safecomet/EtherTokens/blob/master/Pandora%20(PDX)/Pandora%20(PDX).md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The transfer and transferFrom functions of a smart contract implementation for Pandora (PDX), an Ethereum token, have an integer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/safecomet/EtherTokens/blob/master/Pandora%20(PDX)/Pandora%20(PDX).md", + "refsource": "MISC", + "url": "https://github.com/safecomet/EtherTokens/blob/master/Pandora%20(PDX)/Pandora%20(PDX).md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13400.json b/2018/13xxx/CVE-2018-13400.json index 5c9049c399d..af0bfd395d4 100644 --- a/2018/13xxx/CVE-2018-13400.json +++ b/2018/13xxx/CVE-2018-13400.json @@ -1,125 +1,125 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "security@atlassian.com", - "DATE_PUBLIC" : "2018-10-23T00:00:00", - "ID" : "CVE-2018-13400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Jira", - "version" : { - "version_data" : [ - { - "version_affected" : "<", - "version_value" : "7.6.9" - }, - { - "version_affected" : ">=", - "version_value" : "7.7.0" - }, - { - "version_affected" : "<", - "version_value" : "7.7.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.8.0" - }, - { - "version_affected" : "<", - "version_value" : "7.8.5" - }, - { - "version_affected" : ">=", - "version_value" : "7.9.0" - }, - { - "version_affected" : "<", - "version_value" : "7.9.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.10.0" - }, - { - "version_affected" : "<", - "version_value" : "7.10.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.11.0" - }, - { - "version_affected" : "<", - "version_value" : "7.11.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.12.0" - }, - { - "version_affected" : "<", - "version_value" : "7.12.3" - }, - { - "version_affected" : ">=", - "version_value" : "7.13.0" - }, - { - "version_affected" : "<", - "version_value" : "7.13.1" - } - ] - } - } - ] - }, - "vendor_name" : "Atlassian" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Improper Access Control" - } + "CVE_data_meta": { + "ASSIGNER": "security@atlassian.com", + "DATE_PUBLIC": "2018-10-23T00:00:00", + "ID": "CVE-2018-13400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Jira", + "version": { + "version_data": [ + { + "version_affected": "<", + "version_value": "7.6.9" + }, + { + "version_affected": ">=", + "version_value": "7.7.0" + }, + { + "version_affected": "<", + "version_value": "7.7.5" + }, + { + "version_affected": ">=", + "version_value": "7.8.0" + }, + { + "version_affected": "<", + "version_value": "7.8.5" + }, + { + "version_affected": ">=", + "version_value": "7.9.0" + }, + { + "version_affected": "<", + "version_value": "7.9.3" + }, + { + "version_affected": ">=", + "version_value": "7.10.0" + }, + { + "version_affected": "<", + "version_value": "7.10.3" + }, + { + "version_affected": ">=", + "version_value": "7.11.0" + }, + { + "version_affected": "<", + "version_value": "7.11.3" + }, + { + "version_affected": ">=", + "version_value": "7.12.0" + }, + { + "version_affected": "<", + "version_value": "7.12.3" + }, + { + "version_affected": ">=", + "version_value": "7.13.0" + }, + { + "version_affected": "<", + "version_value": "7.13.1" + } + ] + } + } + ] + }, + "vendor_name": "Atlassian" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://jira.atlassian.com/browse/JRASERVER-68138", - "refsource" : "CONFIRM", - "url" : "https://jira.atlassian.com/browse/JRASERVER-68138" - }, - { - "name" : "105751", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/105751" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from version 7.12.0 before version 7.12.3, and before version 7.13.1 allow remote attackers who have obtained access to administrator's session to access certain administrative resources without needing to re-authenticate to pass \"WebSudo\" through an improper access control vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Improper Access Control" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://jira.atlassian.com/browse/JRASERVER-68138", + "refsource": "CONFIRM", + "url": "https://jira.atlassian.com/browse/JRASERVER-68138" + }, + { + "name": "105751", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105751" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13462.json b/2018/13xxx/CVE-2018-13462.json index 7ad3cc97330..5c99e5a0489 100644 --- a/2018/13xxx/CVE-2018-13462.json +++ b/2018/13xxx/CVE-2018-13462.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13462", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13462", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoonToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoonToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for MoonToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoonToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/MoonToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13722.json b/2018/13xxx/CVE-2018-13722.json index 35e6e460049..6e039abb518 100644 --- a/2018/13xxx/CVE-2018-13722.json +++ b/2018/13xxx/CVE-2018-13722.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13722", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13722", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mint function of a smart contract implementation for HYIPToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HYIPToken" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13732.json b/2018/13xxx/CVE-2018-13732.json index 0a29f1cf920..0d785314b51 100644 --- a/2018/13xxx/CVE-2018-13732.json +++ b/2018/13xxx/CVE-2018-13732.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13732", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13732", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17722.json b/2018/17xxx/CVE-2018-17722.json index 330364b571b..39410e1e5fb 100644 --- a/2018/17xxx/CVE-2018-17722.json +++ b/2018/17xxx/CVE-2018-17722.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17722", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17722", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17762.json b/2018/17xxx/CVE-2018-17762.json index 8c17b560631..fb95543803e 100644 --- a/2018/17xxx/CVE-2018-17762.json +++ b/2018/17xxx/CVE-2018-17762.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17762", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17762", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17994.json b/2018/17xxx/CVE-2018-17994.json index 656e0ae1db5..1c2759bec3a 100644 --- a/2018/17xxx/CVE-2018-17994.json +++ b/2018/17xxx/CVE-2018-17994.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17994", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17994", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9278.json b/2018/9xxx/CVE-2018-9278.json index b6c9ad422db..dc2f35dd24f 100644 --- a/2018/9xxx/CVE-2018-9278.json +++ b/2018/9xxx/CVE-2018-9278.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9278", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9278", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9815.json b/2018/9xxx/CVE-2018-9815.json index e0b52e1c7a8..6fc2d335058 100644 --- a/2018/9xxx/CVE-2018-9815.json +++ b/2018/9xxx/CVE-2018-9815.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9815", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9815", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file