From 788e7e172bed33a8d3656e4f4d6f94e638e6f4d4 Mon Sep 17 00:00:00 2001 
From: CVE Team
Date: Mon, 18 Mar 2019 06:16:31 +0000
Subject: [PATCH] "-Synchronized-Data."
---
2002/0xxx/CVE-2002-0473.json | 190 ++++++++++-----------
2002/0xxx/CVE-2002-0565.json | 170 +++++++++----------
2002/1xxx/CVE-2002-1174.json | 200 +++++++++++------------
2002/1xxx/CVE-2002-1321.json | 160 +++++++++---------
2002/1xxx/CVE-2002-1746.json | 130 +++++++--------
2003/0xxx/CVE-2003-0465.json | 150 ++++++++---------
2003/0xxx/CVE-2003-0477.json | 130 +++++++--------
2003/0xxx/CVE-2003-0562.json | 170 +++++++++----------
2003/0xxx/CVE-2003-0694.json | 290 ++++++++++++++++-----------------
2012/0xxx/CVE-2012-0278.json | 140 ++++++++--------
2012/0xxx/CVE-2012-0465.json | 160 +++++++++---------
2012/0xxx/CVE-2012-0642.json | 160 +++++++++---------
2012/0xxx/CVE-2012-0744.json | 150 ++++++++---------
2012/1xxx/CVE-2012-1363.json | 34 ++--
2012/1xxx/CVE-2012-1492.json | 34 ++--
2012/1xxx/CVE-2012-1700.json | 130 +++++++--------
2012/3xxx/CVE-2012-3302.json | 140 ++++++++--------
2012/3xxx/CVE-2012-3610.json | 170 +++++++++----------
2012/4xxx/CVE-2012-4088.json | 140 ++++++++--------
2012/4xxx/CVE-2012-4789.json | 34 ++--
2017/2xxx/CVE-2017-2040.json | 34 ++--
2017/2xxx/CVE-2017-2067.json | 34 ++--
2017/2xxx/CVE-2017-2090.json | 140 ++++++++--------
2017/2xxx/CVE-2017-2111.json | 240 +++++++++++++--------------
2017/2xxx/CVE-2017-2223.json | 260 ++++++++++++++---------------
2017/2xxx/CVE-2017-2450.json | 170 +++++++++----------
2017/2xxx/CVE-2017-2674.json | 170 +++++++++----------
2017/3xxx/CVE-2017-3292.json | 146 ++++++++---------
2017/3xxx/CVE-2017-3821.json | 140 ++++++++--------
2017/6xxx/CVE-2017-6094.json | 120 +++++++-------
2017/6xxx/CVE-2017-6345.json | 180 ++++++++++----------
2017/6xxx/CVE-2017-6402.json | 130 +++++++--------
2017/6xxx/CVE-2017-6917.json | 130 +++++++--------
2017/6xxx/CVE-2017-6977.json | 130 +++++++--------
2017/7xxx/CVE-2017-7031.json | 140 ++++++++--------
2017/7xxx/CVE-2017-7108.json | 170 +++++++++----------
2017/7xxx/CVE-2017-7250.json | 140 ++++++++--------
2017/7xxx/CVE-2017-7480.json | 132 +++++++--------
2018/10xxx/CVE-2018-10000.json | 120 +++++++-------
2018/10xxx/CVE-2018-10138.json | 120 +++++++-------
2018/10xxx/CVE-2018-10220.json | 120 +++++++-------
2018/10xxx/CVE-2018-10326.json | 120 +++++++-------
2018/10xxx/CVE-2018-10788.json | 34 ++--
2018/14xxx/CVE-2018-14299.json | 130 +++++++--------
2018/14xxx/CVE-2018-14614.json | 135 +++++++--------
2018/14xxx/CVE-2018-14672.json | 34 ++--
2018/14xxx/CVE-2018-14805.json | 142 ++++++++--------
2018/15xxx/CVE-2018-15324.json | 120 +++++++-------
2018/15xxx/CVE-2018-15554.json | 34 ++--
2018/20xxx/CVE-2018-20039.json | 34 ++--
2018/20xxx/CVE-2018-20293.json | 34 ++--
2018/20xxx/CVE-2018-20430.json | 170 +++++++++----------
2018/20xxx/CVE-2018-20686.json | 34 ++--
2018/9xxx/CVE-2018-9494.json | 34 ++--
2018/9xxx/CVE-2018-9711.json | 34 ++--
2018/9xxx/CVE-2018-9715.json | 34 ++--
56 files changed, 3488 insertions(+), 3483 deletions(-)
diff --git a/2002/0xxx/CVE-2002-0473.json b/2002/0xxx/CVE-2002-0473.json
index fedb52b3a76..02d13e9738b 100644
--- a/2002/0xxx/CVE-2002-0473.json
+++ b/2002/0xxx/CVE-2002-0473.json
@@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0473", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0473", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020318 phpBB2 remote execution command", - "refsource" : "VULN-DEV", - "url" : "http://online.securityfocus.com/archive/82/262600" - }, - { - "name" : "20020318 Re: phpBB2 remote execution command (fwd)", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html" - }, - { - "name" : "20020318 phpBB2 remote execution command", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html" - }, - { - "name" : "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip", - "refsource" : "CONFIRM", - "url" : "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip" - }, - { - "name" : "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483", - "refsource" : "MISC", - "url" : 
"http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483" - }, - { - "name" : "4380", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4380" - }, - { - "name" : "phpbb-db-command-execution(8476)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/8476.php" - }, - { - "name" : "4268", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483", + "refsource": "MISC", + "url": "http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483" + }, + { + "name": "20020318 phpBB2 remote execution command", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html" + }, + { + "name": "phpbb-db-command-execution(8476)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/8476.php" + }, + { + "name": "4380", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4380" + }, + { + "name": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip", + "refsource": "CONFIRM", + "url": "http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip" + }, + { + "name": "4268", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4268" + }, + { + "name": "20020318 phpBB2 remote execution command", + "refsource": "VULN-DEV", + "url": "http://online.securityfocus.com/archive/82/262600" + }, + { + "name": "20020318 Re: phpBB2 remote execution command (fwd)", + "refsource": "BUGTRAQ", + "url": 
"http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0565.json b/2002/0xxx/CVE-2002-0565.json index ce9d4c5d0fd..620cf422ac5 100644 --- a/2002/0xxx/CVE-2002-0565.json +++ b/2002/0xxx/CVE-2002-0565.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0565", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0565", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020206 JSP translation file access under Oracle 9iAS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=101301440005580&w=2" - }, - { - "name" : "CA-2002-08", - "refsource" : "CERT", - "url" : "http://www.cert.org/advisories/CA-2002-08.html" - }, - { - "name" : "VU#547459", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/547459" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" - }, - { - "name" : "4034", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/4034" - }, - { - "name" : "oracle-appserver-oraclejsp-view-info(8100)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8100" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CA-2002-08", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2002-08.html" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" + }, + { + "name": "VU#547459", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/547459" + }, + { + "name": "oracle-appserver-oraclejsp-view-info(8100)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8100" + }, + { + "name": "4034", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4034" + }, + { + "name": "20020206 JSP translation file access under Oracle 9iAS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=101301440005580&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1174.json b/2002/1xxx/CVE-2002-1174.json index 9ef254cd8f2..5352fdfbd8c 100644 --- a/2002/1xxx/CVE-2002-1174.json +++ b/2002/1xxx/CVE-2002-1174.json 
@@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020929 Advisory 03/2002: Fetchmail remote vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103340148625187&w=2" - }, - { - "name" : "MDKSA-2002:063", - "refsource" : "MANDRAKE", - "url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php" - }, - { - "name" : "DSA-171", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-171" - }, - { - "name" : "CLA-2002:531", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531" - }, - { - "name" : "RHSA-2002:215", - "refsource" : "REDHAT", 
- "url" : "http://rhn.redhat.com/errata/RHSA-2002-215.html" - }, - { - "name" : "ESA-20021003-023", - "refsource" : "ENGARDE", - "url" : "http://www.linuxsecurity.com/advisories/other_advisory-2402.html" - }, - { - "name" : "fetchmail-multidrop-bo(10203)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10203.php" - }, - { - "name" : "5825", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5825" - }, - { - "name" : "5827", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5827" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "MDKSA-2002:063", + "refsource": "MANDRAKE", + "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-063.php" + }, + { + "name": "5827", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5827" + }, + { + "name": "20020929 Advisory 03/2002: Fetchmail remote vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103340148625187&w=2" + }, + { + "name": "5825", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5825" + }, + { + "name": "RHSA-2002:215", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2002-215.html" + }, + { + "name": "fetchmail-multidrop-bo(10203)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10203.php" + }, + { + "name": "CLA-2002:531", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531" + }, + { + "name": "ESA-20021003-023", + "refsource": "ENGARDE", + "url": "http://www.linuxsecurity.com/advisories/other_advisory-2402.html" + }, + { + "name": "DSA-171", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-171" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1321.json b/2002/1xxx/CVE-2002-1321.json index 196e60e0f17..f1fa575ee07 100644 --- a/2002/1xxx/CVE-2002-1321.json +++ b/2002/1xxx/CVE-2002-1321.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1321", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1321", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103808645120764&w=2" - }, - { - "name" : "http://service.real.com/help/faq/security/bufferoverrun_player.html", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/help/faq/security/bufferoverrun_player.html" - }, - { - "name" : "6227", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6227" - }, - { - "name" : "6229", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6229" - }, - { - 
"name" : "realplayer-rtsp-filename-bo(10677)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain \"Now Playing\" options on a downloaded file with a long filename." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://service.real.com/help/faq/security/bufferoverrun_player.html", + "refsource": "CONFIRM", + "url": "http://service.real.com/help/faq/security/bufferoverrun_player.html" + }, + { + "name": "6229", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6229" + }, + { + "name": "20021122 Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103808645120764&w=2" + }, + { + "name": "6227", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6227" + }, + { + "name": "realplayer-rtsp-filename-bo(10677)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10677" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1746.json b/2002/1xxx/CVE-2002-1746.json index 7c2b656c4ad..e0a980305fd 100644 --- a/2002/1xxx/CVE-2002-1746.json +++ b/2002/1xxx/CVE-2002-1746.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1746", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1746", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020109 Security weaknesses of VTun", - "refsource" : "BUGTRAQ", - "url" : "http://seclists.org/bugtraq/2002/Jan/0119.html" - }, - { - "name" : "vpn-replay-attack(7870)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7870" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vtun 2.5b1 allows remote attackers to inject data into user sessions by sniffing and replaying packets." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20020109 Security weaknesses of VTun", + "refsource": "BUGTRAQ", + "url": "http://seclists.org/bugtraq/2002/Jan/0119.html" + }, + { + "name": "vpn-replay-attack(7870)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7870" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0465.json b/2003/0xxx/CVE-2003-0465.json index 2cedd521cff..1c2b727c3c9 100644 --- a/2003/0xxx/CVE-2003-0465.json +++ b/2003/0xxx/CVE-2003-0465.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://marc.info/?l=linux-kernel&m=105796021120436&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=linux-kernel&m=105796021120436&w=2" - }, - { - "name" : "http://marc.info/?l=linux-kernel&m=105796415223490&w=2", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=linux-kernel&m=105796415223490&w=2" - }, - { - "name" : "RHSA-2004:188", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2004-188.html" - }, - { - "name" : "oval:org.mitre.oval:def:10285", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", 
+ "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the buffer on architectures other than x86, as opposed to the expected behavior of strncpy as implemented in libc, which could lead to information leaks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2004:188", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2004-188.html" + }, + { + "name": "http://marc.info/?l=linux-kernel&m=105796415223490&w=2", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=linux-kernel&m=105796415223490&w=2" + }, + { + "name": "http://marc.info/?l=linux-kernel&m=105796021120436&w=2", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=linux-kernel&m=105796021120436&w=2" + }, + { + "name": "oval:org.mitre.oval:def:10285", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10285" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0477.json b/2003/0xxx/CVE-2003-0477.json index 68fc1ff8231..f6db3deaca1 100644 --- a/2003/0xxx/CVE-2003-0477.json +++ b/2003/0xxx/CVE-2003-0477.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0477", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0477", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030627 wzdftpd remote DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105674242105302&w=2" - }, - { - "name" : "http://www.wzdftpd.net/changea.html", - "refsource" : "CONFIRM", - "url" : "http://www.wzdftpd.net/changea.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command without an argument." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030627 wzdftpd remote DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105674242105302&w=2" + }, + { + "name": "http://www.wzdftpd.net/changea.html", + "refsource": "CONFIRM", + "url": "http://www.wzdftpd.net/changea.html" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0562.json b/2003/0xxx/CVE-2003-0562.json index e7dffe24d0b..6d0d22d65d9 100644 --- a/2003/0xxx/CVE-2003-0562.json +++ b/2003/0xxx/CVE-2003-0562.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0562", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0562", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030723 Buffer Overflow in Netware Web Server PERL Handler", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105897724931665&w=2" - }, - { - "name" : "20030723 Buffer Overflow in Netware Web Server PERL Handler", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0041.html" - }, - { - "name" : "http://www.protego.dk/advisories/200301.html", - "refsource" : "MISC", - "url" : "http://www.protego.dk/advisories/200301.html" - }, - { - "name" : "20030723 NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105897561229347&w=2" - }, - { - "name" : "http://support.novell.com/servlet/tidfinder/2966549", - "refsource" 
: "CONFIRM", - "url" : "http://support.novell.com/servlet/tidfinder/2966549" - }, - { - "name" : "VU#185593", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/185593" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030723 Buffer Overflow in Netware Web Server PERL Handler", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105897724931665&w=2" + }, + { + "name": "http://www.protego.dk/advisories/200301.html", + "refsource": "MISC", + "url": "http://www.protego.dk/advisories/200301.html" + }, + { + "name": "20030723 Buffer Overflow in Netware Web Server PERL Handler", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0041.html" + }, + { + "name": "VU#185593", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/185593" + }, + { + "name": "http://support.novell.com/servlet/tidfinder/2966549", + "refsource": "CONFIRM", + "url": "http://support.novell.com/servlet/tidfinder/2966549" + }, + { + "name": "20030723 NOVL-2003-2966549 - Enterprise Web Server PERL Buffer Overflow", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105897561229347&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0694.json b/2003/0xxx/CVE-2003-0694.json index 01c6a31dd85..af251351a58 100644 --- a/2003/0xxx/CVE-2003-0694.json +++ b/2003/0xxx/CVE-2003-0694.json 
@@ -1,147 +1,147 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0694", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0694", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106381604923204&w=2" - }, - { - "name" : "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]", - "refsource" : "FULLDISC", - "url" : "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html" - }, - { - "name" : "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html" - }, - { - "name" : "http://www.sendmail.org/8.12.10.html", - "refsource" : "CONFIRM", - "url" : "http://www.sendmail.org/8.12.10.html" - }, - { - "name" : "CA-2003-25", - "refsource" : "CERT", - "url" 
: "http://www.cert.org/advisories/CA-2003-25.html" - }, - { - "name" : "RHSA-2003:283", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-283.html" - }, - { - "name" : "RHSA-2003:284", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-284.html" - }, - { - "name" : "CLA-2003:742", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742" - }, - { - "name" : "MDKSA-2003:092", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092" - }, - { - "name" : "DSA-384", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-384" - }, - { - "name" : "SCOSA-2004.11", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt" - }, - { - "name" : "20030917 GLSA: sendmail (200309-13)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106383437615742&w=2" - }, - { - "name" : "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106382859407683&w=2" - }, - { - "name" : "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=106398718909274&w=2" - }, - { - "name" : "VU#784980", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/784980" - }, - { - "name" : "oval:org.mitre.oval:def:572", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572" - }, - { - "name" : "oval:org.mitre.oval:def:603", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603" - }, - { - "name" : "oval:org.mitre.oval:def:2975", - "refsource" : "OVAL", - "url" : 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030919 [OpenPKG-SA-2003.041] OpenPKG Security Advisory (sendmail)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106398718909274&w=2" + }, + { + "name": "http://www.sendmail.org/8.12.10.html", + "refsource": "CONFIRM", + "url": "http://www.sendmail.org/8.12.10.html" + }, + { + "name": "RHSA-2003:283", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-283.html" + }, + { + "name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]", + "refsource": "FULLDISC", + "url": "http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/4119.html" + }, + { + "name": "CA-2003-25", + "refsource": "CERT", + "url": "http://www.cert.org/advisories/CA-2003-25.html" + }, + { + "name": "VU#784980", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/784980" + }, + { + "name": "MDKSA-2003:092", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:092" + }, + { + "name": "oval:org.mitre.oval:def:603", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A603" + }, + { + "name": "20030917 [slackware-security] Sendmail vulnerabilities fixed (SSA:2003-260-02)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106382859407683&w=2" + }, + { + "name": 
"DSA-384", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-384" + }, + { + "name": "SCOSA-2004.11", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2004.11/SCOSA-2004.11.txt" + }, + { + "name": "RHSA-2003:284", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-284.html" + }, + { + "name": "20030917 GLSA: sendmail (200309-13)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106383437615742&w=2" + }, + { + "name": "20030917 Zalewski Advisory - Sendmail 8.12.9 prescan bug", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0113.html" + }, + { + "name": "oval:org.mitre.oval:def:572", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A572" + }, + { + "name": "20030917 Sendmail 8.12.9 prescan bug (a new one) [CAN-2003-0694]", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=106381604923204&w=2" + }, + { + "name": "oval:org.mitre.oval:def:2975", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2975" + }, + { + "name": "CLA-2003:742", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0278.json b/2012/0xxx/CVE-2012-0278.json index 3db9100e999..19997b53969 100644 --- a/2012/0xxx/CVE-2012-0278.json +++ b/2012/0xxx/CVE-2012-0278.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0278", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-0278", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=41&Itemid=41", - "refsource" : "MISC", - "url" : "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=41&Itemid=41" - }, - { - "name" : "53009", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53009" - }, - { - "name" : "48772", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48772" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for 
IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during decompression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "53009", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53009" + }, + { + "name": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=41&Itemid=41", + "refsource": "MISC", + "url": "http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=41&Itemid=41" + }, + { + "name": "48772", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48772" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0465.json b/2012/0xxx/CVE-2012-0465.json index ac7d3f6d965..5e4b7c0b835 100644 --- a/2012/0xxx/CVE-2012-0465.json +++ b/2012/0xxx/CVE-2012-0465.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0465", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0465", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20120418 Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=728639", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=728639" - }, - { - "name" : "FEDORA-2012-6282", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html" - }, - { - "name" : "FEDORA-2012-6368", 
- "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html" - }, - { - "name" : "FEDORA-2012-6396", - "refsource" : "FEDORA", - "url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, and 4.1.x and 4.2.x before 4.2.1, when the inbound_proxies option is enabled, does not properly validate the X-Forwarded-For HTTP header, which allows remote attackers to bypass the lockout policy via a series of authentication requests with (1) different IP address strings in this header or (2) a long string in this header." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=728639", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=728639" + }, + { + "name": "FEDORA-2012-6282", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079604.html" + }, + { + "name": "20120418 Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0135.html" + }, + { + "name": "FEDORA-2012-6396", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079481.html" + }, + { + "name": "FEDORA-2012-6368", + "refsource": "FEDORA", + "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079432.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0642.json b/2012/0xxx/CVE-2012-0642.json index ae09b94b0dc..f92151d9af3 100644 
--- a/2012/0xxx/CVE-2012-0642.json +++ b/2012/0xxx/CVE-2012-0642.json 
@@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0642", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0642", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5281", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5281" - }, - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-05-09-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": 
"4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via a crafted catalog file in an HFS disk image." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "http://support.apple.com/kb/HT5281", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5281" + }, + { + "name": "APPLE-SA-2012-05-09-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0744.json b/2012/0xxx/CVE-2012-0744.json index 5dfda0a37b3..c21f2f2f8d2 100644 --- a/2012/0xxx/CVE-2012-0744.json +++ b/2012/0xxx/CVE-2012-0744.json 
@@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0744", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0744", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21599361", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21599361" - }, - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21606317", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21606317" - }, - { - "name" : "PM66896", - "refsource" : "AIXAPAR", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896" - }, - { - "name" : "rcq-installscripts-info-disclosure(74671)", - "refsource" 
: "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74671" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 allows remote attackers to obtain potentially sensitive information via a request to a (1) snoop, (2) hello, (3) ivt/, (4) hitcount, (5) HitCount.jsp, (6) HelloHTMLError.jsp, (7) HelloHTML.jsp, (8) HelloVXMLError.jsp, (9) HelloVXML.jsp, (10) HelloWMLError.jsp, (11) HelloWML.jsp, or (12) cqweb/j_security_check sample script." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "PM66896", + "refsource": "AIXAPAR", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66896" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21606317", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21606317" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21599361", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21599361" + }, + { + "name": "rcq-installscripts-info-disclosure(74671)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74671" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1363.json b/2012/1xxx/CVE-2012-1363.json index ab889b438b1..3c3fa922a81 100644 --- a/2012/1xxx/CVE-2012-1363.json +++ b/2012/1xxx/CVE-2012-1363.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1363",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1363",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1492.json b/2012/1xxx/CVE-2012-1492.json
index 63df48d5d03..494c6984313 100644
--- a/2012/1xxx/CVE-2012-1492.json
+++ b/2012/1xxx/CVE-2012-1492.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2012-1492",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2012-1492",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2012/1xxx/CVE-2012-1700.json b/2012/1xxx/CVE-2012-1700.json
index e8dc5894f21..7ac5380fb4f 100644
--- a/2012/1xxx/CVE-2012-1700.json
+++ b/2012/1xxx/CVE-2012-1700.json
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1700", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1700", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3302.json b/2012/3xxx/CVE-2012-3302.json index ce1083dec99..0737d31d362 100644 --- a/2012/3xxx/CVE-2012-3302.json +++ b/2012/3xxx/CVE-2012-3302.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3302", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-3302", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://websecurity.com.ua/5839/", - "refsource" : "MISC", - "url" : "http://websecurity.com.ua/5839/" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21608160", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21608160" - }, - { - "name" : "lotus-domino-xss(77401)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77401" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site 
scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21608160" + }, + { + "name": "http://websecurity.com.ua/5839/", + "refsource": "MISC", + "url": "http://websecurity.com.ua/5839/" + }, + { + "name": "lotus-domino-xss(77401)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77401" + } + ] + } +} \ No newline at end of file diff --git a/2012/3xxx/CVE-2012-3610.json b/2012/3xxx/CVE-2012-3610.json index 7fc46e7ea7b..450aad58b9f 100644 --- a/2012/3xxx/CVE-2012-3610.json +++ b/2012/3xxx/CVE-2012-3610.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-3610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-3610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://support.apple.com/kb/HT5400", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5400" - }, - { - "name" : "http://support.apple.com/kb/HT5485", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5485" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-07-25-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" - }, - { - "name" : "APPLE-SA-2012-09-12-1", - "refsource" : "APPLE", - "url" : 
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://support.apple.com/kb/HT5485", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5485" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "APPLE-SA-2012-09-12-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" + }, + { + "name": "APPLE-SA-2012-07-25-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" + }, + { + "name": "http://support.apple.com/kb/HT5400", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5400" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4088.json b/2012/4xxx/CVE-2012-4088.json index 146c338c76a..146ea8d455a 100644 --- a/2012/4xxx/CVE-2012-4088.json +++ b/2012/4xxx/CVE-2012-4088.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4088", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2012-4088", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20130925 Cisco Unified Computing System FTP User Vulnerability", - "refsource" : "CISCO", - "url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4088" - }, - { - "name" : "1029102", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1029102" - }, - { - "name" : "54682", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/54682" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The FTP server in Cisco Unified Computing System (UCS) has a hardcoded password for an unspecified user 
account, which makes it easier for remote attackers to read or modify files by leveraging knowledge of this password, aka Bug ID CSCtg20769." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1029102", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1029102" + }, + { + "name": "54682", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/54682" + }, + { + "name": "20130925 Cisco Unified Computing System FTP User Vulnerability", + "refsource": "CISCO", + "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4088" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4789.json b/2012/4xxx/CVE-2012-4789.json index 3315340cf28..1b334bbe3e6 100644 --- a/2012/4xxx/CVE-2012-4789.json +++ b/2012/4xxx/CVE-2012-4789.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4789", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2012-4789", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." + } + ] + } +} \ No newline at end of file 
diff --git a/2017/2xxx/CVE-2017-2040.json b/2017/2xxx/CVE-2017-2040.json index 722deeed98e..833e81a0d1e 100644 --- a/2017/2xxx/CVE-2017-2040.json +++ b/2017/2xxx/CVE-2017-2040.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2040", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2040", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2067.json b/2017/2xxx/CVE-2017-2067.json index 7fab08b2061..29e67c35134 100644 --- a/2017/2xxx/CVE-2017-2067.json +++ b/2017/2xxx/CVE-2017-2067.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-2067", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-2067", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2090.json b/2017/2xxx/CVE-2017-2090.json index 2a87c6d849e..320569b40bb 100644 --- a/2017/2xxx/CVE-2017-2090.json +++ b/2017/2xxx/CVE-2017-2090.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2090", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cybozu Garoon", - "version" : { - "version_data" : [ - { - "version_value" : "3.0.0 to 4.2.3" - } - ] - } - } - ] - }, - "vendor_name" : "Cybozu, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "SQL Injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2090", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cybozu Garoon", + "version": { + "version_data": [ + { + "version_value": "3.0.0 to 4.2.3" + } + ] + } + } + ] + }, + "vendor_name": "Cybozu, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.cybozu.com/ja-jp/article/9499", - "refsource" : "MISC", - "url" : "https://support.cybozu.com/ja-jp/article/9499" - }, - { - "name" : "JVN#73182875", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN73182875/index.html" - }, - { - "name" : "96429", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96429" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "SQL Injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#73182875", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN73182875/index.html" + }, + { + "name": "https://support.cybozu.com/ja-jp/article/9499", + "refsource": "MISC", + "url": "https://support.cybozu.com/ja-jp/article/9499" + }, + { + "name": "96429", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96429" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2111.json b/2017/2xxx/CVE-2017-2111.json index fa314590e81..829ab0c4df2 100644 --- a/2017/2xxx/CVE-2017-2111.json +++ b/2017/2xxx/CVE-2017-2111.json 
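Review bot: The `description` value does not agree with the rest of this record: `affects` names Cybozu Garoon 3.0.0 to 4.2.3 from Cybozu, Inc. and `problemtype` says `SQL Injection`, while the description speaks of a directory traversal in CubeCart versions prior to 6.1.4. The references (support.cybozu.com and JVN#73182875) point to the Cybozu side, so the description text looks to have been carried over from a different entry and should be checked against the JVN advisory. The sync only changes spacing and reference order here, so the mismatch predates it, but it is carried forward unchanged and anyone triaging on the description alone would patch the wrong product.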
@@ -1,122 +1,122 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2111", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TS-WPTCAM", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WPTCAM2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.00" - } - ] - } - }, - { - "product_name" : "TS-WLCE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WLC2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WRLC", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.17 and earlier" - } - ] - } - }, - { - "product_name" : "TS-PTCAM/POE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.18 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "I-O DATA DEVICE, INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "HTTP header injection" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2111", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TS-WPTCAM", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WPTCAM2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.00" + } + ] + } + }, + { + "product_name": "TS-WLCE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WLC2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + }, + { + "product_name": "TS-WRLC", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.17 and earlier" + } + ] + } + }, + { + "product_name": "TS-PTCAM/POE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.18 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "I-O DATA DEVICE, INC." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iodata.jp/support/information/2017/camera201702/", - "refsource" : "MISC", - "url" : "http://www.iodata.jp/support/information/2017/camera201702/" - }, - { - "name" : "JVN#46830433", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN46830433/index.html" - }, - { - "name" : "96620", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96620" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "HTTP header injection" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "JVN#46830433", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN46830433/index.html" + }, + { + "name": "96620", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96620" + }, + { + "name": "http://www.iodata.jp/support/information/2017/camera201702/", + "refsource": "MISC", + "url": "http://www.iodata.jp/support/information/2017/camera201702/" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2223.json b/2017/2xxx/CVE-2017-2223.json index 5fca3d6451b..fa00533b254 100644 --- a/2017/2xxx/CVE-2017-2223.json +++ b/2017/2xxx/CVE-2017-2223.json 
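Review bot: `product_data` lists six products while the description names seven: TS-PTCAM (firmware version 1.18 and earlier) appears in the description but only TS-PTCAM/POE is present in the structured list. Tooling that builds an affected-device inventory from `affects` would miss that model. Adding one more entry with `"product_name": "TS-PTCAM"` and `"version_value": "firmware version 1.18 and earlier"` would bring the two in line.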
@@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "vultures@jpcert.or.jp", - "ID" : "CVE-2017-2223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "TS-WPTCAM", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.19 and earlier" - } - ] - } - }, - { - "product_name" : "TS-PTCAM", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.19 and earlier" - } - ] - } - }, - { - "product_name" : "TS-PTCAM/POE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.19 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WLC2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.19 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WLCE", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.19 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WRLC", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.19 and earlier" - } - ] - } - }, - { - "product_name" : "TS-WPTCAM2", - "version" : { - "version_data" : [ - { - "version_value" : "firmware version 1.01 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "I-O DATA DEVICE, INC." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-site request forgery" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2017-2223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "TS-WPTCAM", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.19 and earlier" + } + ] + } + }, + { + "product_name": "TS-PTCAM", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.19 and earlier" + } + ] + } + }, + { + "product_name": "TS-PTCAM/POE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.19 and earlier" + } + ] + } + }, + { + "product_name": "TS-WLC2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.19 and earlier" + } + ] + } + }, + { + "product_name": "TS-WLCE", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.19 and earlier" + } + ] + } + }, + { + "product_name": "TS-WRLC", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.19 and earlier" + } + ] + } + }, + { + "product_name": "TS-WPTCAM2", + "version": { + "version_data": [ + { + "version_value": "firmware version 1.01 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "I-O DATA DEVICE, INC." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.iodata.jp/support/information/2017/camera201706/", - "refsource" : "MISC", - "url" : "http://www.iodata.jp/support/information/2017/camera201706/" - }, - { - "name" : "JVN#65411235", - "refsource" : "JVN", - "url" : "https://jvn.jp/en/jp/JVN65411235/index.html" - }, - { - "name" : "99144", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99144" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-site request forgery" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.iodata.jp/support/information/2017/camera201706/", + "refsource": "MISC", + "url": "http://www.iodata.jp/support/information/2017/camera201706/" + }, + { + "name": "99144", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99144" + }, + { + "name": "JVN#65411235", + "refsource": "JVN", + "url": "https://jvn.jp/en/jp/JVN65411235/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2450.json b/2017/2xxx/CVE-2017-2450.json index a27ed23780d..13b949220c5 100644 --- a/2017/2xxx/CVE-2017-2450.json +++ b/2017/2xxx/CVE-2017-2450.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-2450", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"CoreText\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-2450", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207601", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207601" - }, - { - "name" : "https://support.apple.com/HT207602", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207602" - }, - { - "name" : "https://support.apple.com/HT207615", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207615" - }, - { - "name" : "https://support.apple.com/HT207617", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207617" - }, - { - 
"name" : "97137", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97137" - }, - { - "name" : "1038138", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038138" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"CoreText\" component. It allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a crafted font file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "97137", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97137" + }, + { + "name": "https://support.apple.com/HT207601", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207601" + }, + { + "name": "https://support.apple.com/HT207615", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207615" + }, + { + "name": "1038138", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038138" + }, + { + "name": "https://support.apple.com/HT207602", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207602" + }, + { + "name": "https://support.apple.com/HT207617", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207617" + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2674.json b/2017/2xxx/CVE-2017-2674.json index 405ea5c0940..b8e6d87f247 100644 --- a/2017/2xxx/CVE-2017-2674.json +++ b/2017/2xxx/CVE-2017-2674.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2017-2674", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "business-central", - "version" : { - "version_data" : [ - { - "version_value" : "6.4.3" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2674", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "business-central", + "version": { + "version_data": [ + { + "version_value": "6.4.3" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2674", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2674" - }, - { - "name" : "RHSA-2017:1217", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1217" - }, - { - "name" : "RHSA-2017:1218", - "refsource" : "REDHAT", - "url" : 
"https://access.redhat.com/errata/RHSA-2017:1218" - }, - { - "name" : "98390", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98390" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly sanitized before showing to other users, including admins." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:1217", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1217" + }, + { + "name": "RHSA-2017:1218", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1218" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2674", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2674" + }, + { + "name": "98390", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98390" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3292.json b/2017/3xxx/CVE-2017-3292.json index 76ddbb6677f..6309a66ee87 100644 --- a/2017/3xxx/CVE-2017-3292.json +++ b/2017/3xxx/CVE-2017-3292.json 
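Review bot: `vectorString` in the `impact` block is `6.1/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`, with the base score glued in front of the vector, so a CVSS parser that expects the string to begin with `CVSS:3.0/` will reject it or misread it. Keeping the two apart, `"baseScore": 6.1` next to `"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"`, leaves both machine-readable. The vector also says `PR:N` while the description requires remote, authenticated attackers with privileges to create lists, which is worth confirming with the assigner before the score is used for prioritisation. `cvss` is an array nested inside an array with a single object, and a flat array would be easier for consumers to iterate.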
@@ -1,75 +1,75 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3292", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "PeopleSoft Enterprise PT PeopleTools", - "version" : { - "version_data" : [ - { - "version_value" : "8.54" - }, - { - "version_value" : "8.55" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 5.7 (Confidentiality impacts)." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3292", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "PeopleSoft Enterprise PT PeopleTools", + "version": { + "version_data": [ + { + "version_value": "8.54" + }, + { + "version_value": "8.55" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "95502", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95502" - }, - { - "name" : "1037634", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037634" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS v3.0 Base Score 5.7 (Confidentiality impacts)." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1037634", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037634" + }, + { + "name": "95502", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95502" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3821.json b/2017/3xxx/CVE-2017-3821.json index 81b04585cae..036b865b1ad 100644 --- a/2017/3xxx/CVE-2017-3821.json +++ b/2017/3xxx/CVE-2017-3821.json 
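Review bot: The `problemtype` value holds a CVSS vector, `CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N`, rather than a weakness or problem class, so anything that groups or filters records by problem type gets an unusable category for this entry. The vector belongs in an `impact` block (the CVE-2017-2674 record in this same commit has one), and `problemtype` should name the problem class; going by the description that would be something like unauthorized access to data, and if the assigner gives none, `"value": "n/a"` as in the other records.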
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-3821", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Unified Communications Manager", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Unified Communications Manager" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Cross-Site Scripting Vulnerability" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-3821", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Unified Communications Manager", + "version": { + "version_data": [ + { + "version_value": "Cisco Unified Communications Manager" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm" - }, - { - "name" : "96241", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96241" - }, - { - "name" : "1037839", - "refsource" : "SECTRACK", - "url" : 
"http://www.securitytracker.com/id/1037839" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Information: CSCvc49348. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.209) 12.0(0.98000.478) 12.0(0.98000.609)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Cross-Site Scripting Vulnerability" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170215-cucm" + }, + { + "name": "96241", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96241" + }, + { + "name": "1037839", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037839" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6094.json b/2017/6xxx/CVE-2017-6094.json index bfb6d26b20b..9f2304f9246 100644 --- a/2017/6xxx/CVE-2017-6094.json +++ b/2017/6xxx/CVE-2017-6094.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6094", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6094", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability", - "refsource" : "FULLDISC", - "url" : "http://seclists.org/fulldisclosure/2017/Dec/62" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability", + "refsource": "FULLDISC", + "url": "http://seclists.org/fulldisclosure/2017/Dec/62" + } + ] + } +} \ No newline at end of file 
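Review bot: The `affects` block of CVE-2017-6094 still carries `"n/a"` for `vendor_name`, `product_name` and `version_value` on the new side, although the description in the same record names the product and range ("Genexis B.V. GAPS up to 7.2"). Tooling that matches records against an asset inventory through the structured fields, rather than by parsing the free text, will not associate this entry with the product. Since the file is being rewritten anyway, consider filling the fields from the description, e.g. `"vendor_name": "Genexis B.V."`, `"product_name": "GAPS"`, `"version_value": "up to 7.2"`. The same gap is visible in other records of this patch, such as CVE-2017-6345 and CVE-2017-6402.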
diff --git a/2017/6xxx/CVE-2017-6345.json b/2017/6xxx/CVE-2017-6345.json index 21265a05e74..fbb2ad0048e 100644 --- a/2017/6xxx/CVE-2017-6345.json +++ b/2017/6xxx/CVE-2017-6345.json 
@@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6345", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6345", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170228 Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/02/28/7" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13" - }, - { - 
"name" : "https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762" - }, - { - "name" : "DSA-3804", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3804" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "96510", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96510" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96510", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96510" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762", + "refsource": "CONFIRM", + "url": 
"https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762" + }, + { + "name": "[oss-security] 20170228 Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345)", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/02/28/7" + }, + { + "name": "DSA-3804", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3804" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6402.json b/2017/6xxx/CVE-2017-6402.json index 3b09064794c..552a461cd4b 100644 --- a/2017/6xxx/CVE-2017-6402.json +++ b/2017/6xxx/CVE-2017-6402.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", - "refsource" : "CONFIRM", - "url" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3" - }, - { - "name" : "96485", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and earlier. Denial of service affecting NetBackup server can occur." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96485", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96485" + }, + { + "name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3", + "refsource": "CONFIRM", + "url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue3" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6917.json b/2017/6xxx/CVE-2017-6917.json index c9f4ad67f62..1dd933dd767 100644 --- a/2017/6xxx/CVE-2017-6917.json +++ b/2017/6xxx/CVE-2017-6917.json 
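Review bot: The rewritten file ends without a final line break: the new side closes with `}` followed by `\ No newline at end of file`, whereas the old side ended with a newline. Ending the file with a newline keeps line-based tooling predictable and avoids a spurious last-line change the next time the record is edited. The same marker follows every rewritten file section visible in this patch.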
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6917", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6917", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf" - }, - { - "name" : "https://github.com/bigtreecms/BigTree-CMS/issues/275", - "refsource" : "MISC", - "url" : "https://github.com/bigtreecms/BigTree-CMS/issues/275" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "CSRF exists in BigTree CMS 4.2.16 with the value parameter to the admin/settings/update/ page. The Colophon can be changed." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/files/843734/BigTree.-.Multiple.Issue.of.CSRF.that.could.Illegally.Few.Data.Changes.v02.pdf" + }, + { + "name": "https://github.com/bigtreecms/BigTree-CMS/issues/275", + "refsource": "MISC", + "url": "https://github.com/bigtreecms/BigTree-CMS/issues/275" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6977.json b/2017/6xxx/CVE-2017-6977.json index 649a9e4b57c..377b1b684fa 100644 --- a/2017/6xxx/CVE-2017-6977.json +++ b/2017/6xxx/CVE-2017-6977.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-6977", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Speech Framework\" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-6977", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207797", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207797" - }, - { - "name" : "1038484", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038484" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Speech Framework\" component. 
It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038484", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038484" + }, + { + "name": "https://support.apple.com/HT207797", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207797" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7031.json b/2017/7xxx/CVE-2017-7031.json index 6e4cb81d18b..1a012d38e93 100644 --- a/2017/7xxx/CVE-2017-7031.json +++ b/2017/7xxx/CVE-2017-7031.json 
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7031", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Foundation\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7031", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT207922", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT207922" - }, - { - "name" : "99882", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99882" - }, - { - "name" : "1038951", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038951" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. 
The issue involves the \"Foundation\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038951", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038951" + }, + { + "name": "99882", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99882" + }, + { + "name": "https://support.apple.com/HT207922", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT207922" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7108.json b/2017/7xxx/CVE-2017-7108.json index eacf2bb5e42..1e9269af2dc 100644 --- a/2017/7xxx/CVE-2017-7108.json +++ b/2017/7xxx/CVE-2017-7108.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7108", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Wi-Fi\" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7108", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1312", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1312" - }, - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208115", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208115" - }, 
- { - "name" : "100927", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100927" - }, - { - "name" : "1039385", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039385" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Wi-Fi\" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1039385", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039385" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "https://support.apple.com/HT208115", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208115" + }, + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1312", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1312" + }, + { + "name": "100927", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100927" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7250.json b/2017/7xxx/CVE-2017-7250.json index cb8830b2707..5886c31316d 100644 --- a/2017/7xxx/CVE-2017-7250.json +++ b/2017/7xxx/CVE-2017-7250.json 
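Review bot: The `reference_data` array of CVE-2017-7108 is reordered without any apparent sort key: the new side lists `HT208113` before `HT208112`, and the `refsource` values run SECTRACK, CONFIRM, CONFIRM, CONFIRM, MISC, BID. If this order comes from an unordered collection in the sync tooling (an assumption, the tool is not visible here), each sync can shuffle the entries again and bury a real change to a vulnerability record inside a formatting-sized diff. Sorting the entries on a stable key such as `url` before serializing would keep later diffs reviewable. The same reshuffling appears in the CVE-2017-6345, CVE-2017-6402, CVE-2017-6977 and CVE-2017-7031 sections.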
@@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7250", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7250", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/WhatCD/Gazelle/issues/113", - "refsource" : "CONFIRM", - "url" : "https://github.com/WhatCD/Gazelle/issues/113" - }, - { - "name" : "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS", - "refsource" : "CONFIRM", - "url" : "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS" - }, - { - "name" : "97063", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97063" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + 
"lang": "eng", + "value": "A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/WhatCD/Gazelle/issues/113", + "refsource": "CONFIRM", + "url": "https://github.com/WhatCD/Gazelle/issues/113" + }, + { + "name": "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS", + "refsource": "CONFIRM", + "url": "https://github.com/scriptzteam/Gazelle---Torrent-Tracker-ANTi-XSS" + }, + { + "name": "97063", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97063" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7480.json b/2017/7xxx/CVE-2017-7480.json index 6f90d69a425..332bb31a363 100644 --- a/2017/7xxx/CVE-2017-7480.json +++ b/2017/7xxx/CVE-2017-7480.json 
@@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "DATE_PUBLIC" : "2017-06-29T00:00:00", - "ID" : "CVE-2017-7480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "rkhunter", - "version" : { - "version_data" : [ - { - "version_value" : "before 1.4.4" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-300" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "DATE_PUBLIC": "2017-06-29T00:00:00", + "ID": "CVE-2017-7480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "rkhunter", + "version": { + "version_data": [ + { + "version_value": "before 1.4.4" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat, Inc." 
+ } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170629 rkhunter: [CVE-2017-7480] Potential RCE after MiTM due to clear text download without signature", - "refsource" : "MLIST", - "url" : "http://seclists.org/oss-sec/2017/q2/643" - }, - { - "name" : "GLSA-201805-11", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201805-11" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-300" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[oss-security] 20170629 rkhunter: [CVE-2017-7480] Potential RCE after MiTM due to clear text download without signature", + "refsource": "MLIST", + "url": "http://seclists.org/oss-sec/2017/q2/643" + }, + { + "name": "GLSA-201805-11", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201805-11" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10000.json b/2018/10xxx/CVE-2018-10000.json index 20f8fcf7548..29e0019976f 100644 --- a/2018/10xxx/CVE-2018-10000.json +++ b/2018/10xxx/CVE-2018-10000.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10000", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10000", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1555", - "refsource" : "MISC", - "url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1555" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1555", + "refsource": "MISC", + "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1555" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10138.json b/2018/10xxx/CVE-2018-10138.json index 0c089557421..14008801c54 100644 --- a/2018/10xxx/CVE-2018-10138.json +++ b/2018/10xxx/CVE-2018-10138.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10138", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10138", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://cxsecurity.com/issue/WLB-2018040120", - "refsource" : "MISC", - "url" : "https://cxsecurity.com/issue/WLB-2018040120" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The CATALooK.netStore module through 7.2.8 for DNN (formerly DotNetNuke) allows XSS via the /ViewEditGoogleMaps.aspx PortalID or CATSkin parameter, or the /ImageViewer.aspx link or desc parameter." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://cxsecurity.com/issue/WLB-2018040120", + "refsource": "MISC", + "url": "https://cxsecurity.com/issue/WLB-2018040120" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10220.json b/2018/10xxx/CVE-2018-10220.json index 47bc9f77153..0824a52aaaa 100644 --- a/2018/10xxx/CVE-2018-10220.json +++ b/2018/10xxx/CVE-2018-10220.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10220", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10220", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/mushorg/glastopf/issues/286", - "refsource" : "MISC", - "url" : "https://github.com/mushorg/glastopf/issues/286" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the abc.php a parameter. NOTE: the vendor indicates that this is intentional behavior because the product is a web application honeypot, and modules/handlers/emulators/rfi.py supports Remote File Inclusion emulation." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/mushorg/glastopf/issues/286", + "refsource": "MISC", + "url": "https://github.com/mushorg/glastopf/issues/286" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10326.json b/2018/10xxx/CVE-2018-10326.json index af1b779efdc..f6a13e46605 100644 --- a/2018/10xxx/CVE-2018-10326.json +++ b/2018/10xxx/CVE-2018-10326.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10326", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10326", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/bzyo/CVE-PoCs/tree/master/CVE-2018-10326", - "refsource" : "MISC", - "url" : "https://github.com/bzyo/CVE-PoCs/tree/master/CVE-2018-10326" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored XSS vulnerabilities via the (1) department field in the printer configuration, (2) description field in the print server configuration, and (3) username field for authentication to print as guest." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/bzyo/CVE-PoCs/tree/master/CVE-2018-10326", + "refsource": "MISC", + "url": "https://github.com/bzyo/CVE-PoCs/tree/master/CVE-2018-10326" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10788.json b/2018/10xxx/CVE-2018-10788.json index 7e26c59e1cc..b8ba85bc2c9 100644 --- a/2018/10xxx/CVE-2018-10788.json +++ b/2018/10xxx/CVE-2018-10788.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10788", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10788", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14299.json b/2018/14xxx/CVE-2018-14299.json index d13eaaa0222..fea62eba554 100644 --- a/2018/14xxx/CVE-2018-14299.json +++ b/2018/14xxx/CVE-2018-14299.json 
@@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "zdi-disclosures@trendmicro.com", - "ID" : "CVE-2018-14299", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Foxit Reader", - "version" : { - "version_data" : [ - { - "version_value" : "9.0.1.5096" - } - ] - } - } - ] - }, - "vendor_name" : "Foxit" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Line annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6215." 
- } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-416-Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "zdi-disclosures@trendmicro.com", + "ID": "CVE-2018-14299", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Foxit Reader", + "version": { + "version_data": [ + { + "version_value": "9.0.1.5096" + } + ] + } + } + ] + }, + "vendor_name": "Foxit" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://zerodayinitiative.com/advisories/ZDI-18-759", - "refsource" : "MISC", - "url" : "https://zerodayinitiative.com/advisories/ZDI-18-759" - }, - { - "name" : "https://www.foxitsoftware.com/support/security-bulletins.php", - "refsource" : "CONFIRM", - "url" : "https://www.foxitsoftware.com/support/security-bulletins.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Line annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6215." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-416-Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://zerodayinitiative.com/advisories/ZDI-18-759", + "refsource": "MISC", + "url": "https://zerodayinitiative.com/advisories/ZDI-18-759" + }, + { + "name": "https://www.foxitsoftware.com/support/security-bulletins.php", + "refsource": "CONFIRM", + "url": "https://www.foxitsoftware.com/support/security-bulletins.php" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14614.json b/2018/14xxx/CVE-2018-14614.json index 926e3699917..c4937e7621f 100644 --- a/2018/14xxx/CVE-2018-14614.json +++ b/2018/14xxx/CVE-2018-14614.json 
@@ -1,67 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14614", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14614", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200419", - "refsource" : "MISC", - "url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200419" - }, - { - "name" : "104917", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/104917" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "104917", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/104917" + }, + { + "name": "https://bugzilla.kernel.org/show_bug.cgi?id=200419", + "refsource": "MISC", + "url": "https://bugzilla.kernel.org/show_bug.cgi?id=200419" + }, + { + "refsource": "MLIST", + "name": "[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update", + "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14672.json b/2018/14xxx/CVE-2018-14672.json index 175262abb5b..29a0e738fa5 100644 --- a/2018/14xxx/CVE-2018-14672.json +++ b/2018/14xxx/CVE-2018-14672.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14672", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14672", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file 
diff --git a/2018/14xxx/CVE-2018-14805.json b/2018/14xxx/CVE-2018-14805.json
index f9ffb62d482..36b74271689 100644
--- a/2018/14xxx/CVE-2018-14805.json
+++ b/2018/14xxx/CVE-2018-14805.json
@@ -1,73 +1,73 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "ics-cert@hq.dhs.gov", - "DATE_PUBLIC" : "2018-08-28T00:00:00", - "ID" : "CVE-2018-14805", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "ABB eSOMS", - "version" : { - "version_data" : [ - { - "version_value" : "Version 6.0.2" - } - ] - } - } - ] - }, - "vendor_name" : "ICS-CERT" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "IMPROPER AUTHENTICATION CWE-287" - } + "CVE_data_meta": { + "ASSIGNER": "ics-cert@hq.dhs.gov", + "DATE_PUBLIC": "2018-08-28T00:00:00", + "ID": "CVE-2018-14805", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "ABB eSOMS", + "version": { + "version_data": [ + { + "version_value": "Version 6.0.2" + } + ] + } + } + ] + }, + "vendor_name": "ICS-CERT" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04", - "refsource" : "MISC", - "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04" - }, - { - "name" : "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch", - "refsource" : "CONFIRM", - "url" : "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch" - }, - { - "name" : "105169", - "refsource" : "BID", - "url" : 
"http://www.securityfocus.com/bid/105169" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both conditions are required to exploit this vulnerability." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "IMPROPER AUTHENTICATION CWE-287" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch", + "refsource": "CONFIRM", + "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107046A5821&LanguageCode=en&DocumentPartId=&Action=Launch" + }, + { + "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04", + "refsource": "MISC", + "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-240-04" + }, + { + "name": "105169", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/105169" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15324.json b/2018/15xxx/CVE-2018-15324.json index 1bc1a1f42f8..62ef646119c 100644 --- a/2018/15xxx/CVE-2018-15324.json +++ b/2018/15xxx/CVE-2018-15324.json 
@@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "f5sirt@f5.com", - "ID" : "CVE-2018-15324", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "BIG-IP (APM)", - "version" : { - "version_data" : [ - { - "version_value" : "14.0.0-14.0.0.2, 13.0.0-13.1.1.1" - } - ] - } - } - ] - }, - "vendor_name" : "F5 Networks, Inc." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "DoS" - } + "CVE_data_meta": { + "ASSIGNER": "f5sirt@f5.com", + "ID": "CVE-2018-15324", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "BIG-IP (APM)", + "version": { + "version_data": [ + { + "version_value": "14.0.0-14.0.0.2, 13.0.0-13.1.1.1" + } + ] + } + } + ] + }, + "vendor_name": "F5 Networks, Inc." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.f5.com/csp/article/K52206731", - "refsource" : "CONFIRM", - "url" : "https://support.f5.com/csp/article/K52206731" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "On BIG-IP APM 14.0.0-14.0.0.2 or 13.0.0-13.1.1.1, TMM may restart when processing a specially crafted request with APM portal access." 
+ } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "DoS" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.f5.com/csp/article/K52206731", + "refsource": "CONFIRM", + "url": "https://support.f5.com/csp/article/K52206731" + } + ] + } +} \ No newline at end of file diff --git a/2018/15xxx/CVE-2018-15554.json b/2018/15xxx/CVE-2018-15554.json index 48d7c6d6f2e..a8c5cb9a944 100644 --- a/2018/15xxx/CVE-2018-15554.json +++ b/2018/15xxx/CVE-2018-15554.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-15554", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-15554", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20039.json b/2018/20xxx/CVE-2018-20039.json index e9dcdffaaf4..38c5e7c6a04 100644 --- a/2018/20xxx/CVE-2018-20039.json +++ b/2018/20xxx/CVE-2018-20039.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20039", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20039", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20293.json b/2018/20xxx/CVE-2018-20293.json index 3d8e18233c6..01a75304b79 100644 --- a/2018/20xxx/CVE-2018-20293.json +++ b/2018/20xxx/CVE-2018-20293.json 
@@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20293", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20293", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20430.json b/2018/20xxx/CVE-2018-20430.json index 854a28f6427..d6aaca0bc3c 100644 --- a/2018/20xxx/CVE-2018-20430.json +++ b/2018/20xxx/CVE-2018-20430.json 
@@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20430", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20430", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html" - }, - { - "name" : "https://gnunet.org/bugs/view.php?id=5493", - "refsource" : "MISC", - "url" : "https://gnunet.org/bugs/view.php?id=5493" - }, - { - "name" : "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110", - "refsource" : "MISC", - "url" : "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110" - }, - { - "name" : "https://gnunet.org/git/libextractor.git/tree/ChangeLog", - "refsource" : "MISC", - "url" : 
"https://gnunet.org/git/libextractor.git/tree/ChangeLog" - }, - { - "name" : "DSA-4361", - "refsource" : "DEBIAN", - "url" : "https://www.debian.org/security/2018/dsa-4361" - }, - { - "name" : "106300", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/106300" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU Libextractor through 1.8 has an out-of-bounds read vulnerability in the function history_extract() in plugins/ole2_extractor.c, related to EXTRACTOR_common_convert_to_utf8 in common/convert.c." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "[debian-lts-announce] 20181224 [SECURITY] [DLA 1616-1] libextractor security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00015.html" + }, + { + "name": "DSA-4361", + "refsource": "DEBIAN", + "url": "https://www.debian.org/security/2018/dsa-4361" + }, + { + "name": "https://gnunet.org/git/libextractor.git/tree/ChangeLog", + "refsource": "MISC", + "url": "https://gnunet.org/git/libextractor.git/tree/ChangeLog" + }, + { + "name": "106300", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/106300" + }, + { + "name": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110", + "refsource": "MISC", + "url": "https://gnunet.org/git/libextractor.git/commit/?id=b405d707b36e0654900cba78e89f49779efea110" + }, + { + "name": "https://gnunet.org/bugs/view.php?id=5493", + "refsource": "MISC", + "url": "https://gnunet.org/bugs/view.php?id=5493" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20686.json b/2018/20xxx/CVE-2018-20686.json index 54c56e3ebea..f1468049121 100644 --- a/2018/20xxx/CVE-2018-20686.json 
+++ b/2018/20xxx/CVE-2018-20686.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20686", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20686", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9494.json b/2018/9xxx/CVE-2018-9494.json index 98706fa734d..624a23dffb2 100644 --- a/2018/9xxx/CVE-2018-9494.json +++ b/2018/9xxx/CVE-2018-9494.json 
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9494",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9494",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9711.json b/2018/9xxx/CVE-2018-9711.json
index 140c12002b4..f091fb26bd4 100644
--- a/2018/9xxx/CVE-2018-9711.json
+++ b/2018/9xxx/CVE-2018-9711.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9711",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9711",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/2018/9xxx/CVE-2018-9715.json b/2018/9xxx/CVE-2018-9715.json
index ab37fb6e012..5a4f9499187 100644
--- a/2018/9xxx/CVE-2018-9715.json
+++ b/2018/9xxx/CVE-2018-9715.json
@@ -1,18 +1,18 @@
 {
- "CVE_data_meta" : {
- "ASSIGNER" : "cve@mitre.org",
- "ID" : "CVE-2018-9715",
- "STATE" : "RESERVED"
- },
- "data_format" : "MITRE",
- "data_type" : "CVE",
- "data_version" : "4.0",
- "description" : {
- "description_data" : [
- {
- "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
- }
- ]
- }
-}
+ "CVE_data_meta": {
+ "ASSIGNER": "cve@mitre.org",
+ "ID": "CVE-2018-9715",
+ "STATE": "RESERVED"
+ },
+ "data_format": "MITRE",
+ "data_type": "CVE",
+ "data_version": "4.0",
+ "description": {
+ "description_data": [
+ {
+ "lang": "eng",
+ "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
\ No newline at end of file