From 8219433fa52372e023afb1ff3d27a84329a05b95 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Sun, 17 Mar 2019 22:52:51 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2002/0xxx/CVE-2002-0680.json | 160 ++++++++++++------------- 2002/0xxx/CVE-2002-0785.json | 160 ++++++++++++------------- 2002/0xxx/CVE-2002-0891.json | 150 +++++++++++------------ 2002/1xxx/CVE-2002-1198.json | 150 +++++++++++------------ 2002/1xxx/CVE-2002-1203.json | 140 +++++++++++----------- 2002/1xxx/CVE-2002-1400.json | 210 ++++++++++++++++----------------- 2002/1xxx/CVE-2002-1402.json | 190 ++++++++++++++--------------- 2002/1xxx/CVE-2002-1893.json | 140 +++++++++++----------- 2002/1xxx/CVE-2002-1905.json | 150 +++++++++++------------ 2003/0xxx/CVE-2003-0083.json | 180 ++++++++++++++-------------- 2003/0xxx/CVE-2003-0154.json | 190 ++++++++++++++--------------- 2003/0xxx/CVE-2003-0672.json | 120 +++++++++---------- 2003/1xxx/CVE-2003-1062.json | 150 +++++++++++------------ 2003/1xxx/CVE-2003-1382.json | 150 +++++++++++------------ 2012/0xxx/CVE-2012-0267.json | 150 +++++++++++------------ 2012/0xxx/CVE-2012-0645.json | 140 +++++++++++----------- 2012/0xxx/CVE-2012-0855.json | 160 ++++++++++++------------- 2012/1xxx/CVE-2012-1391.json | 120 +++++++++---------- 2012/1xxx/CVE-2012-1736.json | 170 +++++++++++++------------- 2012/4xxx/CVE-2012-4387.json | 180 ++++++++++++++-------------- 2012/4xxx/CVE-2012-4420.json | 34 +++--- 2012/5xxx/CVE-2012-5174.json | 140 +++++++++++----------- 2012/5xxx/CVE-2012-5261.json | 150 +++++++++++------------ 2012/5xxx/CVE-2012-5987.json | 34 +++--- 2017/2xxx/CVE-2017-2584.json | 190 ++++++++++++++--------------- 2017/3xxx/CVE-2017-3171.json | 34 +++--- 2017/3xxx/CVE-2017-3243.json | 210 ++++++++++++++++----------------- 2017/3xxx/CVE-2017-3355.json | 180 ++++++++++++++-------------- 2017/6xxx/CVE-2017-6482.json | 34 +++--- 2017/6xxx/CVE-2017-6489.json | 130 ++++++++++---------- 2017/6xxx/CVE-2017-6649.json | 140 +++++++++++----------- 2017/6xxx/CVE-2017-6879.json | 34 +++--- 2017/7xxx/CVE-2017-7093.json | 190 ++++++++++++++--------------- 2017/7xxx/CVE-2017-7223.json | 130 ++++++++++---------- 2018/10xxx/CVE-2018-10456.json | 34 +++--- 2018/10xxx/CVE-2018-10470.json | 132 ++++++++++----------- 2018/10xxx/CVE-2018-10521.json | 120 +++++++++---------- 2018/10xxx/CVE-2018-10927.json | 180 ++++++++++++++-------------- 2018/14xxx/CVE-2018-14523.json | 120 +++++++++---------- 2018/14xxx/CVE-2018-14550.json | 34 +++--- 2018/14xxx/CVE-2018-14596.json | 120 +++++++++---------- 2018/17xxx/CVE-2018-17212.json | 34 +++--- 2018/17xxx/CVE-2018-17242.json | 34 +++--- 2018/17xxx/CVE-2018-17580.json | 130 ++++++++++---------- 2018/20xxx/CVE-2018-20205.json | 34 +++--- 2018/20xxx/CVE-2018-20410.json | 130 ++++++++++---------- 2018/20xxx/CVE-2018-20429.json | 120 +++++++++---------- 2018/20xxx/CVE-2018-20610.json | 120 +++++++++---------- 2018/9xxx/CVE-2018-9315.json | 34 +++--- 2018/9xxx/CVE-2018-9390.json | 34 +++--- 2018/9xxx/CVE-2018-9921.json | 120 +++++++++---------- 51 files changed, 3160 insertions(+), 3160 deletions(-) diff --git a/2002/0xxx/CVE-2002-0680.json b/2002/0xxx/CVE-2002-0680.json index e5211702796..190862bc58a 100644 --- a/2002/0xxx/CVE-2002-0680.json +++ b/2002/0xxx/CVE-2002-0680.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0680", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0680", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102631742711795&w=2" - }, - { - "name" : "20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html" - }, - { - "name" : "20020719 Re: [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102709382714597&w=2" - }, - { - "name" : "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539", - "refsource" : "CONFIRM", - "url" : "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539" - }, - { - "name" : "81099", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/81099" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "81099", + "refsource": "OSVDB", + "url": "http://osvdb.org/81099" + }, + { + "name": "20020710 [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0013.html" + }, + { + "name": "20020719 Re: [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102709382714597&w=2" + }, + { + "name": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539", + "refsource": "CONFIRM", + "url": "http://freecode.com/projects/embedthis-goahead-webserver/releases/343539" + }, + { + "name": "20020710 wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102631742711795&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0785.json b/2002/0xxx/CVE-2002-0785.json index eadfbe4d97f..cb091b62a02 100644 --- a/2002/0xxx/CVE-2002-0785.json +++ b/2002/0xxx/CVE-2002-0785.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0785", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an \"AddBuddy\" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0785", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020508 Hole in AOL Instant Messenger", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html" - }, - { - "name" : "VU#259435", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/259435" - }, - { - "name" : "4709", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4709" - }, - { - "name" : "5109", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/5109" - }, - { - "name" : "aim-addbuddy-bo(9058)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9058.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an \"AddBuddy\" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "5109", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/5109" + }, + { + "name": "20020508 Hole in AOL Instant Messenger", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html" + }, + { + "name": "aim-addbuddy-bo(9058)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9058.php" + }, + { + "name": "4709", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4709" + }, + { + "name": "VU#259435", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/259435" + } + ] + } +} \ No newline at end of file diff --git a/2002/0xxx/CVE-2002-0891.json b/2002/0xxx/CVE-2002-0891.json index fd7163782fe..0693aeac878 100644 --- a/2002/0xxx/CVE-2002-0891.json +++ b/2002/0xxx/CVE-2002-0891.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-0891", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-0891", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020527 Netscreen 25 unauthorised reboot issue", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/274240" - }, - { - "name" : "http://www.netscreen.com/support/ns25_reboot.html", - "refsource" : "CONFIRM", - "url" : "http://www.netscreen.com/support/ns25_reboot.html" - }, - { - "name" : "netscreen-screenos-username-dos(9186)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9186.php" - }, - { - "name" : "4842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/4842" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "netscreen-screenos-username-dos(9186)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9186.php" + }, + { + "name": "4842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/4842" + }, + { + "name": "20020527 Netscreen 25 unauthorised reboot issue", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/274240" + }, + { + "name": "http://www.netscreen.com/support/ns25_reboot.html", + "refsource": "CONFIRM", + "url": "http://www.netscreen.com/support/ns25_reboot.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1198.json b/2002/1xxx/CVE-2002-1198.json index 811e4e95779..1b257fb4d29 100644 --- a/2002/1xxx/CVE-2002-1198.json +++ b/2002/1xxx/CVE-2002-1198.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1198", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1198", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021001 [BUGZILLA] Security Advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103349804226566&w=2" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=165221", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=165221" - }, - { - "name" : "5842", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5842" - }, - { - "name" : "bugzilla-email-sql-injection(10235)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10235.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "bugzilla-email-sql-injection(10235)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10235.php" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=165221", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=165221" + }, + { + "name": "5842", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5842" + }, + { + "name": "20021001 [BUGZILLA] Security Advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103349804226566&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1203.json b/2002/1xxx/CVE-2002-1203.json index 9bd897a5def..96f53d8211a 100644 --- a/2002/1xxx/CVE-2002-1203.json +++ b/2002/1xxx/CVE-2002-1203.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1203", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1203", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021009 Flood ACK packets cause an IBM SecureWay FireWall DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103417988503398&w=2" - }, - { - "name" : "5924", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5924" - }, - { - "name" : "secureway-tcp-flood-dos(10249)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10249.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM SecureWay Firewall before 4.2.2 performs extra processing before determining that a packet is invalid and dropping it, which allows remote attackers to cause a denial of service (resource exhaustion) via a flood of malformed TCP packets without any flags set." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20021009 Flood ACK packets cause an IBM SecureWay FireWall DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103417988503398&w=2" + }, + { + "name": "5924", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5924" + }, + { + "name": "secureway-tcp-flood-dos(10249)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10249.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1400.json b/2002/1xxx/CVE-2002-1400.json index 5a1664bcf0d..9b3058dc2d0 100644 --- a/2002/1xxx/CVE-2002-1400.json +++ b/2002/1xxx/CVE-2002-1400.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1400", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1400", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020820 @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102987306029821&w=2" - }, - { - "name" : "20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103021186622725&w=2" - }, - { - "name" : "http://marc.info/?l=postgresql-announce&m=103062536330644", - "refsource" : "CONFIRM", - "url" : "http://marc.info/?l=postgresql-announce&m=103062536330644" - }, - { - "name" : "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php", - "refsource" : "CONFIRM", - "url" : "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php" - }, - { - "name" : "CLA-2002:524", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" - }, - { - "name" : "RHSA-2003:001", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-001.html" - }, - { - "name" : "SuSE-SA:2002:038", - "refsource" : "SUSE", - "url" : "http://www.novell.com/linux/security/advisories/2002_038_postgresql.html" - }, - { - "name" : "MDKSA-2002:062", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:062" - }, - { - "name" : "20020826 GLSA: PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103036987114437&w=2" - }, - { - "name" : "8034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://marc.info/?l=postgresql-announce&m=103062536330644", + "refsource": "CONFIRM", + "url": "http://marc.info/?l=postgresql-announce&m=103062536330644" + }, + { + "name": "CLA-2002:524", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" + }, + { + "name": "20020820 @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102987306029821&w=2" + }, + { + "name": "8034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8034" + }, + { + "name": "RHSA-2003:001", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-001.html" + }, + { + "name": "MDKSA-2002:062", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:062" + }, + { + "name": "SuSE-SA:2002:038", + "refsource": "SUSE", + "url": "http://www.novell.com/linux/security/advisories/2002_038_postgresql.html" + }, + { + "name": "20020826 GLSA: PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103036987114437&w=2" + }, + { + "name": "20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103021186622725&w=2" + }, + { + "name": "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php", + "refsource": "CONFIRM", + "url": "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1402.json b/2002/1xxx/CVE-2002-1402.json index de62586e599..7de7f644695 100644 --- a/2002/1xxx/CVE-2002-1402.json +++ b/2002/1xxx/CVE-2002-1402.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1402", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1402", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103021186622725&w=2" - }, - { - "name" : "[pgsql-announce] 20020824 PostgreSQL 7.2.2: Security Release", - "refsource" : "MLIST", - "url" : "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php" - }, - { - "name" : "CLA-2002:524", - "refsource" : "CONECTIVA", - "url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" - }, - { - "name" : "DSA-165", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2002/dsa-165" - }, - { - "name" : "MDKSA-2002:062", - "refsource" : "MANDRAKE", - "url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:062" - }, - { - "name" : "RHSA-2003:001", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-001.html" - }, - { - "name" : "20020826 GLSA: PostgreSQL", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=103036987114437&w=2" - }, - { - "name" : "8034", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8034" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment variables for PostgreSQL 7.2.1 and earlier allow local users to cause a denial of service and possibly execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "CLA-2002:524", + "refsource": "CONECTIVA", + "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524" + }, + { + "name": "8034", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8034" + }, + { + "name": "RHSA-2003:001", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-001.html" + }, + { + "name": "DSA-165", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2002/dsa-165" + }, + { + "name": "[pgsql-announce] 20020824 PostgreSQL 7.2.2: Security Release", + "refsource": "MLIST", + "url": "http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php" + }, + { + "name": "MDKSA-2002:062", + "refsource": "MANDRAKE", + "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:062" + }, + { + "name": "20020826 GLSA: PostgreSQL", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103036987114437&w=2" + }, + { + "name": "20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=103021186622725&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1893.json b/2002/1xxx/CVE-2002-1893.json index 80985349fa3..9b03ac55a1c 100644 --- a/2002/1xxx/CVE-2002-1893.json +++ b/2002/1xxx/CVE-2002-1893.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1893", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1893", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021006 ArGoSoft Web-Mail security problem", - "refsource" : "BUGTRAQ", - "url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0085.html" - }, - { - "name" : "5906", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5906" - }, - { - "name" : "argosoft-webmail-xss(10301)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10301.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1.8.1.9 allows remote attackers to inject arbitrary web script or HTML via the e-mail message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "argosoft-webmail-xss(10301)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10301.php" + }, + { + "name": "20021006 ArGoSoft Web-Mail security problem", + "refsource": "BUGTRAQ", + "url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0085.html" + }, + { + "name": "5906", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5906" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1905.json b/2002/1xxx/CVE-2002-1905.json index d09d5e99345..8e77a9be76e 100644 --- a/2002/1xxx/CVE-2002-1905.json +++ b/2002/1xxx/CVE-2002-1905.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1905", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1905", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20021013 Security vulnerabilities in Polycom ViaVideo Web component", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/295146" - }, - { - "name" : "http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf" - }, - { - "name" : "5964", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5964" - }, - { - "name" : "viavideo-webserver-get-bo(10359)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/10359.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf", + "refsource": "CONFIRM", + "url": "http://www.polycom.com/common/pw_item_show_doc/0,1449,1442,00.pdf" + }, + { + "name": "20021013 Security vulnerabilities in Polycom ViaVideo Web component", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/295146" + }, + { + "name": "viavideo-webserver-get-bo(10359)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/10359.php" + }, + { + "name": "5964", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5964" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0083.json b/2003/0xxx/CVE-2003-0083.json index f54a22a102e..2754f59c381 100644 --- a/2003/0xxx/CVE-2003-0083.json +++ b/2003/0xxx/CVE-2003-0083.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0083", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0083", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25", - "refsource" : "CONFIRM", - "url" : "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25" - }, - { - "name" : "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH", - "refsource" : "CONFIRM", - "url" : "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH" - }, - { - "name" : "RHSA-2003:139", - "refsource" : "REDHAT", - "url" : "http://www.redhat.com/support/errata/RHSA-2003-139.html" - }, - { - "name" : "20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108024081011678&w=2" - }, - { - "name" : "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=108034113406858&w=2" - }, - { - "name" : "oval:org.mitre.oval:def:151", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A151" - }, - { - "name" : "8146", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8146" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:151", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A151" + }, + { + "name": "8146", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8146" + }, + { + "name": "20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108034113406858&w=2" + }, + { + "name": "RHSA-2003:139", + "refsource": "REDHAT", + "url": "http://www.redhat.com/support/errata/RHSA-2003-139.html" + }, + { + "name": "20040325 GLSA200403-04 Multiple security vulnerabilities in Apache 2", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=108024081011678&w=2" + }, + { + "name": "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH", + "refsource": "CONFIRM", + "url": "http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/loggers/mod_log_config.c?only_with_tag=APACHE_2_0_BRANCH" + }, + { + "name": "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25", + "refsource": "CONFIRM", + "url": "http://cvs.apache.org/viewcvs.cgi/apache-1.3/src/modules/standard/mod_log_config.c?only_with_tag=APACHE_1_3_25" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0154.json b/2003/0xxx/CVE-2003-0154.json index f1639de072f..22504e8eec8 100644 --- a/2003/0xxx/CVE-2003-0154.json +++ b/2003/0xxx/CVE-2003-0154.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0154", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0154", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=102980129101054&w=2" - }, - { - "name" : "DSA-265", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-265" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163573", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=163573" - }, - { - "name" : "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view" - }, - { - "name" : "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view", - "refsource" : "CONFIRM", - "url" : "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view" - }, - { - "name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=146244", - "refsource" : "MISC", - "url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=146244" - }, - { - "name" : "5516", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5516" - }, - { - "name" : "bonsai-error-message-xss(9920)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9920.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/attachment.cgi?id=95985&action=view" + }, + { + "name": "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/attachment.cgi?id=95950&action=view" + }, + { + "name": "5516", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5516" + }, + { + "name": "bonsai-error-message-xss(9920)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9920.php" + }, + { + "name": "20020819 Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=102980129101054&w=2" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=163573", + "refsource": "CONFIRM", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=163573" + }, + { + "name": "DSA-265", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-265" + }, + { + "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=146244", + "refsource": "MISC", + "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=146244" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0672.json b/2003/0xxx/CVE-2003-0672.json index a78fb933773..ea3d5cc0ae5 100644 --- a/2003/0xxx/CVE-2003-0672.json +++ b/2003/0xxx/CVE-2003-0672.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0672", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0672", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "DSA-370", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2003/dsa-370" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that isp rovided during authentication, which is not properly handled when recording a log message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "DSA-370", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2003/dsa-370" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1062.json b/2003/1xxx/CVE-2003-1062.json index c558056dcdb..227f0dc185f 100644 --- a/2003/1xxx/CVE-2003-1062.json +++ b/2003/1xxx/CVE-2003-1062.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "57340", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57340-1" - }, - { - "name" : "8831", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8831" - }, - { - "name" : "10006", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/10006/" - }, - { - "name" : "solaris-sysinfo-read-memory(13435)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13435" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "solaris-sysinfo-read-memory(13435)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13435" + }, + { + "name": "10006", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/10006/" + }, + { + "name": "57340", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57340-1" + }, + { + "name": "8831", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8831" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1382.json b/2003/1xxx/CVE-2003-1382.json index 3a720f98098..418c5b68e7c 100644 --- a/2003/1xxx/CVE-2003-1382.json +++ b/2003/1xxx/CVE-2003-1382.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1382", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1382", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030227 ISMAIL (All Versions) Remote Buffer Overrun", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313363" - }, - { - "name" : "6972", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6972" - }, - { - "name" : "3254", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3254" - }, - { - "name" : "ismail-smtp-domain-bo(11432)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11432" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to execute arbitrary code via long domain names in (1) MAIL FROM or (2) RCPT TO fields." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ismail-smtp-domain-bo(11432)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11432" + }, + { + "name": "3254", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3254" + }, + { + "name": "20030227 ISMAIL (All Versions) Remote Buffer Overrun", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313363" + }, + { + "name": "6972", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6972" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0267.json b/2012/0xxx/CVE-2012-0267.json index e96cda8c8d5..f57192dbf92 100644 --- a/2012/0xxx/CVE-2012-0267.json +++ b/2012/0xxx/CVE-2012-0267.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0267", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "PSIRT-CNA@flexerasoftware.com", + "ID": "CVE-2012-0267", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "21839", - "refsource" : "EXPLOIT-DB", - "url" : "http://www.exploit-db.com/exploits/21839" - }, - { - "name" : "http://secunia.com/secunia_research/2012-2/", - "refsource" : "MISC", - "url" : "http://secunia.com/secunia_research/2012-2/" - }, - { - "name" : "45166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/45166" - }, - { - "name" : "ntr-stopmodule-code-exec(72295)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72295" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/45166" + }, + { + "name": "21839", + "refsource": "EXPLOIT-DB", + "url": "http://www.exploit-db.com/exploits/21839" + }, + { + "name": "ntr-stopmodule-code-exec(72295)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72295" + }, + { + "name": "http://secunia.com/secunia_research/2012-2/", + "refsource": "MISC", + "url": "http://secunia.com/secunia_research/2012-2/" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0645.json b/2012/0xxx/CVE-2012-0645.json index 0ae8961199c..8f423973771 100644 --- a/2012/0xxx/CVE-2012-0645.json +++ b/2012/0xxx/CVE-2012-0645.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0645", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2012-0645", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "APPLE-SA-2012-03-07-2", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" - }, - { - "name" : "1026774", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026774" - }, - { - "name" : "48288", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48288" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Siri in Apple iOS before 5.1 does not properly restrict the ability of Mail.app to handle voice commands, which allows physically proximate attackers to bypass the locked state via a command that forwards an active e-mail message to an arbitrary recipient." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1026774", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026774" + }, + { + "name": "48288", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48288" + }, + { + "name": "APPLE-SA-2012-03-07-2", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0855.json b/2012/0xxx/CVE-2012-0855.json index 873350923c0..2c5734adc22 100644 --- a/2012/0xxx/CVE-2012-0855.json +++ b/2012/0xxx/CVE-2012-0855.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0855", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-0855", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/01/11" - }, - { - "name" : "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/02/14/4" - }, - { - "name" : "http://ffmpeg.org/security.html", - "refsource" : "CONFIRM", - "url" : "http://ffmpeg.org/security.html" - }, - { - "name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3eedf9f716733b3b4c5205726d2c1ca52b3d3d78", - "refsource" : "CONFIRM", - "url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3eedf9f716733b3b4c5205726d2c1ca52b3d3d78" - }, - { - "name" : "ffmpeg-getsot-bo(78929)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78929" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Heap-based buffer overflow in the get_sot function in the J2K decoder (j2k.c) in libavcodec in FFmpeg before 0.9.1 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to the curtileno variable." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3eedf9f716733b3b4c5205726d2c1ca52b3d3d78", + "refsource": "CONFIRM", + "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3eedf9f716733b3b4c5205726d2c1ca52b3d3d78" + }, + { + "name": "[oss-security] 20120214 Re: CVE Requests for FFmpeg 0.9.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/14/4" + }, + { + "name": "http://ffmpeg.org/security.html", + "refsource": "CONFIRM", + "url": "http://ffmpeg.org/security.html" + }, + { + "name": "[oss-security] 20120201 Re: CVE Requests for FFmpeg 0.9.1", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/02/01/11" + }, + { + "name": "ffmpeg-getsot-bo(78929)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78929" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1391.json b/2012/1xxx/CVE-2012-1391.json index ac60ed406b8..ca6367e6768 100644 --- a/2012/1xxx/CVE-2012-1391.json +++ b/2012/1xxx/CVE-2012-1391.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1391", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1391", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1391-vulnerability-in-mOffice.html", - "refsource" : "MISC", - "url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1391-vulnerability-in-mOffice.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the mOffice - Outlook sync (com.innov8tion.isharesync) application 3.1 for Android has unknown impact and attack vectors." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1391-vulnerability-in-mOffice.html", + "refsource": "MISC", + "url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1391-vulnerability-in-mOffice.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1736.json b/2012/1xxx/CVE-2012-1736.json index 10533575106..03c1c4a3410 100644 --- a/2012/1xxx/CVE-2012-1736.json +++ b/2012/1xxx/CVE-2012-1736.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1736", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-1736", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - }, - { - "name" : "54514", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/54514" - }, - { - "name" : "83917", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/83917" - }, - { - "name" : "1027264", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027264" - }, - { - "name" : "fusionmiddleware-mapviewermaps-info-disc(76995)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76995" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "83917", + "refsource": "OSVDB", + "url": "http://osvdb.org/83917" + }, + { + "name": "fusionmiddleware-mapviewermaps-info-disc(76995)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76995" + }, + { + "name": "54514", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/54514" + }, + { + "name": "1027264", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027264" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4387.json b/2012/4xxx/CVE-2012-4387.json index d444d37b483..504c993177a 100644 --- a/2012/4xxx/CVE-2012-4387.json +++ b/2012/4xxx/CVE-2012-4387.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4387", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-4387", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/01/4" - }, - { - "name" : "[oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/09/01/5" - }, - { - "name" : "http://struts.apache.org/2.x/docs/s2-011.html", - "refsource" : "CONFIRM", - "url" : "http://struts.apache.org/2.x/docs/s2-011.html" - }, - { - "name" : "https://issues.apache.org/jira/browse/WW-3860", - "refsource" : "CONFIRM", - "url" : "https://issues.apache.org/jira/browse/WW-3860" - }, - { - "name" : "55346", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/55346" - }, - { - "name" : "50420", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/50420" - }, - { - "name" : "apache-struts-parameters-dos(78183)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78183" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "apache-struts-parameters-dos(78183)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78183" + }, + { + "name": "http://struts.apache.org/2.x/docs/s2-011.html", + "refsource": "CONFIRM", + "url": "http://struts.apache.org/2.x/docs/s2-011.html" + }, + { + "name": "[oss-security] 20120901 Re: CVE request: Apache Struts S2-010 and S2-011", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/01/5" + }, + { + "name": "50420", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/50420" + }, + { + "name": "55346", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/55346" + }, + { + "name": "https://issues.apache.org/jira/browse/WW-3860", + "refsource": "CONFIRM", + "url": "https://issues.apache.org/jira/browse/WW-3860" + }, + { + "name": "[oss-security] 20120901 CVE request: Apache Struts S2-010 and S2-011", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/09/01/4" + } + ] + } +} \ No newline at end of file diff --git a/2012/4xxx/CVE-2012-4420.json b/2012/4xxx/CVE-2012-4420.json index 24e43b11c1b..3f1cd3f54f6 100644 --- a/2012/4xxx/CVE-2012-4420.json +++ b/2012/4xxx/CVE-2012-4420.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-4420", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-4420", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5174.json b/2012/5xxx/CVE-2012-5174.json index d50f9a2309d..59f0180a708 100644 --- a/2012/5xxx/CVE-2012-5174.json +++ b/2012/5xxx/CVE-2012-5174.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5174", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "vultures@jpcert.or.jp", + "ID": "CVE-2012-5174", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://jvn.jp/en/jp/JVN83907168/361447/index.html", - "refsource" : "CONFIRM", - "url" : "http://jvn.jp/en/jp/JVN83907168/361447/index.html" - }, - { - "name" : "JVN#83907168", - "refsource" : "JVN", - "url" : "http://jvn.jp/en/jp/JVN83907168/index.html" - }, - { - "name" : "JVNDB-2012-000105", - "refsource" : "JVNDB", - "url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000105" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR devices allow remote attackers to cause a denial of service (persistent reboot) via an e-mail message in an invalid format." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://jvn.jp/en/jp/JVN83907168/361447/index.html", + "refsource": "CONFIRM", + "url": "http://jvn.jp/en/jp/JVN83907168/361447/index.html" + }, + { + "name": "JVNDB-2012-000105", + "refsource": "JVNDB", + "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000105" + }, + { + "name": "JVN#83907168", + "refsource": "JVN", + "url": "http://jvn.jp/en/jp/JVN83907168/index.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5261.json b/2012/5xxx/CVE-2012-5261.json index 93bd42b521a..685e37f8776 100644 --- a/2012/5xxx/CVE-2012-5261.json +++ b/2012/5xxx/CVE-2012-5261.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5261", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2012-5261", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html", - "refsource" : "CONFIRM", - "url" : "http://www.adobe.com/support/security/bulletins/apsb12-22.html" - }, - { - "name" : "openSUSE-SU-2013:0370", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" - }, - { - "name" : "86038", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/86038" - }, - { - "name" : "adobe-cve20125261-code-exec(79082)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79082" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before 3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than other Flash Player memory corruption CVEs listed in APSB12-22." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "openSUSE-SU-2013:0370", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00034.html" + }, + { + "name": "86038", + "refsource": "OSVDB", + "url": "http://osvdb.org/86038" + }, + { + "name": "adobe-cve20125261-code-exec(79082)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79082" + }, + { + "name": "http://www.adobe.com/support/security/bulletins/apsb12-22.html", + "refsource": "CONFIRM", + "url": "http://www.adobe.com/support/security/bulletins/apsb12-22.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5987.json b/2012/5xxx/CVE-2012-5987.json index 00306ac81d5..26608debbb1 100644 --- a/2012/5xxx/CVE-2012-5987.json +++ b/2012/5xxx/CVE-2012-5987.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5987", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5987", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/2xxx/CVE-2017-2584.json b/2017/2xxx/CVE-2017-2584.json index 8d176db45d3..7e198ae9c49 100644 --- a/2017/2xxx/CVE-2017-2584.json +++ b/2017/2xxx/CVE-2017-2584.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert@redhat.com", - "ID" : "CVE-2017-2584", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2017-2584", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20170113 CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2017/01/13/7" - }, - { - "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1413001", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1413001" - }, - { - "name" : "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d" - }, - { - "name" : "DSA-3791", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3791" - }, - { - "name" : "USN-3754-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3754-1/" - }, - { - "name" : "95430", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95430" - }, - { - "name" : "1037603", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037603" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "95430", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95430" + }, + { + "name": "1037603", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037603" + }, + { + "name": "USN-3754-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3754-1/" + }, + { + "name": "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d" + }, + { + "name": "DSA-3791", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3791" + }, + { + "name": "[oss-security] 20170113 CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2017/01/13/7" + }, + { + "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1413001" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3171.json b/2017/3xxx/CVE-2017-3171.json index a38f7b11d56..9fc6f0ea321 100644 --- a/2017/3xxx/CVE-2017-3171.json +++ b/2017/3xxx/CVE-2017-3171.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-3171", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-3171", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3243.json b/2017/3xxx/CVE-2017-3243.json index 90698d99ba7..523e1f5dbd5 100644 --- a/2017/3xxx/CVE-2017-3243.json +++ b/2017/3xxx/CVE-2017-3243.json @@ -1,107 +1,107 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3243", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "MySQL Server", - "version" : { - "version_data" : [ - { - "version_value" : "5.5.53 and earlier" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3243", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "MySQL Server", + "version": { + "version_data": [ + { + "version_value": "5.5.53 and earlier" + } + ] + } + } + ] + }, + "vendor_name": "Oracle" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" - }, - { - "name" : "DSA-3767", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3767" - }, - { - "name" : "DSA-3770", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3770" - }, - { - "name" : "GLSA-201702-17", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-17" - }, - { - "name" : "GLSA-201702-18", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201702-18" - }, - { - "name" : "RHSA-2017:2192", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2192" - }, - { - "name" : "RHSA-2018:0279", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0279" - }, - { - "name" : "RHSA-2018:0574", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:0574" - }, - { - "name" : "95538", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/95538" - }, - { - "name" : "1037640", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1037640" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets). Supported versions that are affected are 5.5.53 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.4 (Availability impacts)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201702-17", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-17" + }, + { + "name": "95538", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/95538" + }, + { + "name": "RHSA-2018:0574", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0574" + }, + { + "name": "GLSA-201702-18", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201702-18" + }, + { + "name": "1037640", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1037640" + }, + { + "name": "RHSA-2018:0279", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:0279" + }, + { + "name": "DSA-3767", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3767" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" + }, + { + "name": "DSA-3770", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3770" + }, + { + "name": "RHSA-2017:2192", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2192" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3355.json b/2017/3xxx/CVE-2017-3355.json index 15b1c6bee7e..e56c00030eb 100644 --- a/2017/3xxx/CVE-2017-3355.json +++ b/2017/3xxx/CVE-2017-3355.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secalert_us@oracle.com", - "ID" : "CVE-2017-3355", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Marketing", - "version" : { - "version_data" : [ - { - "version_affected" : "=", - "version_value" : "12.1.1" - }, - { - "version_affected" : "=", - "version_value" : "12.1.2" - }, - { - "version_affected" : "=", - "version_value" : "12.1.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.3" - }, - { - "version_affected" : "=", - "version_value" : "12.2.4" - }, - { - "version_affected" : "=", - "version_value" : "12.2.5" - }, - { - "version_affected" : "=", - "version_value" : "12.2.6" - } - ] - } - } - ] - }, - "vendor_name" : "Oracle Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data." - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2017-3355", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Marketing", + "version": { + "version_data": [ + { + "version_affected": "=", + "version_value": "12.1.1" + }, + { + "version_affected": "=", + "version_value": "12.1.2" + }, + { + "version_affected": "=", + "version_value": "12.1.3" + }, + { + "version_affected": "=", + "version_value": "12.2.3" + }, + { + "version_affected": "=", + "version_value": "12.2.4" + }, + { + "version_affected": "=", + "version_value": "12.2.5" + }, + { + "version_affected": "=", + "version_value": "12.2.6" + } + ] + } + } + ] + }, + "vendor_name": "Oracle Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" - }, - { - "name" : "98059", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98059" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Marketing accessible data as well as unauthorized read access to a subset of Oracle Marketing accessible data." + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "98059", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98059" + }, + { + "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6482.json b/2017/6xxx/CVE-2017-6482.json index 4934916ddb1..cbebcd75326 100644 --- a/2017/6xxx/CVE-2017-6482.json +++ b/2017/6xxx/CVE-2017-6482.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6482", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-6394. Reason: This candidate is a duplicate of CVE-2017-6394. Notes: All CVE users should reference CVE-2017-6394 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2017-6482", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-6394. Reason: This candidate is a duplicate of CVE-2017-6394. Notes: All CVE users should reference CVE-2017-6394 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6489.json b/2017/6xxx/CVE-2017-6489.json index 20a37d1bd29..a43ca32cf5b 100644 --- a/2017/6xxx/CVE-2017-6489.json +++ b/2017/6xxx/CVE-2017-6489.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6489", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6489", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/Telaxus/EPESI/issues/169", - "refsource" : "CONFIRM", - "url" : "https://github.com/Telaxus/EPESI/issues/169" - }, - { - "name" : "96955", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96955" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96955", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96955" + }, + { + "name": "https://github.com/Telaxus/EPESI/issues/169", + "refsource": "CONFIRM", + "url": "https://github.com/Telaxus/EPESI/issues/169" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6649.json b/2017/6xxx/CVE-2017-6649.json index 0becefa8838..4c92206ef89 100644 --- a/2017/6xxx/CVE-2017-6649.json +++ b/2017/6xxx/CVE-2017-6649.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@cisco.com", - "ID" : "CVE-2017-6649", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Cisco Nexus Series Switches", - "version" : { - "version_data" : [ - { - "version_value" : "Cisco Nexus Series Switches" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@cisco.com", + "ID": "CVE-2017-6649", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Cisco Nexus Series Switches", + "version": { + "version_data": [ + { + "version_value": "Cisco Nexus Series Switches" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss", - "refsource" : "CONFIRM", - "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss" - }, - { - "name" : "98531", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/98531" - }, - { - "name" : "1038518", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038518" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through 7.3 running on Cisco Nexus Series Switches could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient input validation of command arguments. An attacker could exploit this vulnerability by injecting crafted command arguments into a vulnerable CLI command. An exploit could allow the attacker to read or write arbitrary files at the user's privilege level outside of the user's path. Cisco Bug IDs: CSCvb86787, CSCve60516, CSCve60555." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038518", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038518" + }, + { + "name": "98531", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/98531" + }, + { + "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss", + "refsource": "CONFIRM", + "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-nss" + } + ] + } +} \ No newline at end of file diff --git a/2017/6xxx/CVE-2017-6879.json b/2017/6xxx/CVE-2017-6879.json index f22548e4bc2..7305b919fa5 100644 --- a/2017/6xxx/CVE-2017-6879.json +++ b/2017/6xxx/CVE-2017-6879.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-6879", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-6879", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7093.json b/2017/7xxx/CVE-2017-7093.json index ce2e883dc6e..0dbe9db8330 100644 --- a/2017/7xxx/CVE-2017-7093.json +++ b/2017/7xxx/CVE-2017-7093.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "product-security@apple.com", - "ID" : "CVE-2017-7093", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "product-security@apple.com", + "ID": "CVE-2017-7093", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.apple.com/HT208112", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208112" - }, - { - "name" : "https://support.apple.com/HT208113", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208113" - }, - { - "name" : "https://support.apple.com/HT208116", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208116" - }, - { - "name" : "https://support.apple.com/HT208141", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208141" - }, - { - "name" : "https://support.apple.com/HT208142", - "refsource" : "CONFIRM", - "url" : "https://support.apple.com/HT208142" - }, - { - "name" : "100994", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100994" - }, - { - "name" : "1039384", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039384" - }, - { - "name" : "1039428", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039428" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "100994", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100994" + }, + { + "name": "https://support.apple.com/HT208141", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208141" + }, + { + "name": "1039384", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039384" + }, + { + "name": "https://support.apple.com/HT208142", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208142" + }, + { + "name": "https://support.apple.com/HT208113", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208113" + }, + { + "name": "https://support.apple.com/HT208112", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208112" + }, + { + "name": "1039428", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039428" + }, + { + "name": "https://support.apple.com/HT208116", + "refsource": "CONFIRM", + "url": "https://support.apple.com/HT208116" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7223.json b/2017/7xxx/CVE-2017-7223.json index 53c715f8730..6420bb6c004 100644 --- a/2017/7xxx/CVE-2017-7223.json +++ b/2017/7xxx/CVE-2017-7223.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7223", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7223", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20898", - "refsource" : "CONFIRM", - "url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" - }, - { - "name" : "GLSA-201801-01", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201801-01" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "GLSA-201801-01", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201801-01" + }, + { + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20898", + "refsource": "CONFIRM", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20898" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10456.json b/2018/10xxx/CVE-2018-10456.json index edc8487efe9..4de91c72304 100644 --- a/2018/10xxx/CVE-2018-10456.json +++ b/2018/10xxx/CVE-2018-10456.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10456", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10456", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10470.json b/2018/10xxx/CVE-2018-10470.json index e5eec203c1a..74ba198426a 100644 --- a/2018/10xxx/CVE-2018-10470.json +++ b/2018/10xxx/CVE-2018-10470.json @@ -1,68 +1,68 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "office@obdev.at", - "DATE_PUBLIC" : "2018-06-12T00:00:00", - "ID" : "CVE-2018-10470", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Little Snitch", - "version" : { - "version_data" : [ - { - "version_value" : "4.0 - 4.0.6" - } - ] - } - } - ] - }, - "vendor_name" : "Objective Development Software GmbH" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-347: Improper Verification of Cryptographic Signature" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "DATE_PUBLIC": "2018-06-12T00:00:00", + "ID": "CVE-2018-10470", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Little Snitch", + "version": { + "version_data": [ + { + "version_value": "4.0 - 4.0.6" + } + ] + } + } + ] + }, + "vendor_name": "Objective Development Software GmbH" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/", - "refsource" : "MISC", - "url" : "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/" - }, - { - "name" : "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html", - "refsource" : "CONFIRM", - "url" : "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Little Snitch versions 4.0 to 4.0.6 use the SecStaticCodeCheckValidityWithErrors() function without the kSecCSCheckAllArchitectures flag and therefore do not validate all architectures stored in a fat binary. An attacker can maliciously craft a fat binary containing multiple architectures that may cause a situation where Little Snitch treats the running process as having no code signature at all while erroneously indicating that the binary on disk does have a valid code signature. This could lead to users being confused about whether or not the code signature is valid." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-347: Improper Verification of Cryptographic Signature" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html", + "refsource": "CONFIRM", + "url": "https://obdev.at/cve/2018-10470-8FRWkW4oH8.html" + }, + { + "name": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/", + "refsource": "MISC", + "url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10521.json b/2018/10xxx/CVE-2018-10521.json index 13f0ef70c80..9fe9f2a5be2 100644 --- a/2018/10xxx/CVE-2018-10521.json +++ b/2018/10xxx/CVE-2018-10521.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10521", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In CMS Made Simple (CMSMS) through 2.2.7, the \"file move\" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10521", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CMS Made Simple (CMSMS) through 2.2.7, the \"file move\" operation in the admin dashboard contains an arbitrary file movement vulnerability that can cause DoS, exploitable by an admin user, because config.php can be moved into an incorrect directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/itodaro/cmsms_cve/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/itodaro/cmsms_cve/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10927.json b/2018/10xxx/CVE-2018-10927.json index e1cbf16a861..41f9b99c104 100644 --- a/2018/10xxx/CVE-2018-10927.json +++ b/2018/10xxx/CVE-2018-10927.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "anemec@redhat.com", - "ID" : "CVE-2018-10927", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "glusterfs", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "Red Hat" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process." - } - ] - }, - "impact" : { - "cvss" : [ - [ - { - "vectorString" : "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", - "version" : "3.0" - } - ] - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-20" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2018-10927", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "glusterfs", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "Red Hat" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", - "refsource" : "MLIST", - "url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927" - }, - { - "name" : "RHSA-2018:2607", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2607" - }, - { - "name" : "RHSA-2018:2608", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:2608" - }, - { - "name" : "RHSA-2018:3470", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2018:3470" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.1/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", + "version": "3.0" + } + ] + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-20" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2018:2607", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2607" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10927" + }, + { + "name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", + "refsource": "MLIST", + "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html" + }, + { + "name": "RHSA-2018:2608", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:2608" + }, + { + "name": "RHSA-2018:3470", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2018:3470" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14523.json b/2018/14xxx/CVE-2018-14523.json index 620cb6275e4..7d6b06abb03 100644 --- a/2018/14xxx/CVE-2018-14523.json +++ b/2018/14xxx/CVE-2018-14523.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14523", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14523", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/aubio/aubio/issues/189", - "refsource" : "MISC", - "url" : "https://github.com/aubio/aubio/issues/189" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/aubio/aubio/issues/189", + "refsource": "MISC", + "url": "https://github.com/aubio/aubio/issues/189" + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14550.json b/2018/14xxx/CVE-2018-14550.json index cca7febf311..145e824a98f 100644 --- a/2018/14xxx/CVE-2018-14550.json +++ b/2018/14xxx/CVE-2018-14550.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14550", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14550", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/14xxx/CVE-2018-14596.json b/2018/14xxx/CVE-2018-14596.json index ebffbc23513..7fcac15bb51 100644 --- a/2018/14xxx/CVE-2018-14596.json +++ b/2018/14xxx/CVE-2018-14596.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-14596", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-14596", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/HUILYUH/wancms/blob/master/README.md", - "refsource" : "MISC", - "url" : "https://github.com/HUILYUH/wancms/blob/master/README.md" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are large numbers." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/HUILYUH/wancms/blob/master/README.md", + "refsource": "MISC", + "url": "https://github.com/HUILYUH/wancms/blob/master/README.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17212.json b/2018/17xxx/CVE-2018-17212.json index 573ca79f41a..99442cde7a5 100644 --- a/2018/17xxx/CVE-2018-17212.json +++ b/2018/17xxx/CVE-2018-17212.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17212", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17212", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17242.json b/2018/17xxx/CVE-2018-17242.json index ca0bd4724f4..0e866ba0811 100644 --- a/2018/17xxx/CVE-2018-17242.json +++ b/2018/17xxx/CVE-2018-17242.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17242", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17242", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17580.json b/2018/17xxx/CVE-2018-17580.json index 4883a854f22..1c380001b5e 100644 --- a/2018/17xxx/CVE-2018-17580.json +++ b/2018/17xxx/CVE-2018-17580.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17580", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17580", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay", - "refsource" : "MISC", - "url" : "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay" - }, - { - "name" : "https://github.com/appneta/tcpreplay/issues/485", - "refsource" : "MISC", - "url" : "https://github.com/appneta/tcpreplay/issues/485" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A heap-based buffer over-read exists in the function fast_edit_packet() in the file send_packets.c of Tcpreplay v4.3.0 beta1. This can lead to Denial of Service (DoS) and potentially Information Exposure when the application attempts to process a crafted pcap file." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay", + "refsource": "MISC", + "url": "https://github.com/SegfaultMasters/covering360/blob/master/tcpreplay" + }, + { + "name": "https://github.com/appneta/tcpreplay/issues/485", + "refsource": "MISC", + "url": "https://github.com/appneta/tcpreplay/issues/485" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20205.json b/2018/20xxx/CVE-2018-20205.json index 48385f7eb46..d274882a459 100644 --- a/2018/20xxx/CVE-2018-20205.json +++ b/2018/20xxx/CVE-2018-20205.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20205", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20205", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20410.json b/2018/20xxx/CVE-2018-20410.json index fcd464bb5cb..b7a5f607b84 100644 --- a/2018/20xxx/CVE-2018-20410.json +++ b/2018/20xxx/CVE-2018-20410.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20410", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20410", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/Debugging.md", - "refsource" : "MISC", - "url" : "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/Debugging.md" - }, - { - "name" : "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/poc.py", - "refsource" : "MISC", - "url" : "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/poc.py" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "WellinTech KingSCADA before 3.7.0.0.1 contains a stack-based buffer overflow. The vulnerability is triggered when sending a specially crafted packet to the AlarmServer (AEserver.exe) service listening on TCP port 12401." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/poc.py", + "refsource": "MISC", + "url": "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/poc.py" + }, + { + "name": "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/Debugging.md", + "refsource": "MISC", + "url": "https://github.com/flypuma/vul/blob/master/kingview/copy_argumengt_overflow/Debugging.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20429.json b/2018/20xxx/CVE-2018-20429.json index b479ae21770..caa01bd04e9 100644 --- a/2018/20xxx/CVE-2018-20429.json +++ b/2018/20xxx/CVE-2018-20429.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20429", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20429", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/libming/libming/issues/160", - "refsource" : "MISC", - "url" : "https://github.com/libming/libming/issues/160" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "libming 0.4.8 has a NULL pointer dereference in the getName function of the decompile.c file, a different vulnerability than CVE-2018-7872 and CVE-2018-9165." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/libming/libming/issues/160", + "refsource": "MISC", + "url": "https://github.com/libming/libming/issues/160" + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20610.json b/2018/20xxx/CVE-2018-20610.json index aaa84d93615..ae7bc57b2b0 100644 --- a/2018/20xxx/CVE-2018-20610.json +++ b/2018/20xxx/CVE-2018-20610.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20610", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20610", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#directory-traversal", - "refsource" : "MISC", - "url" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#directory-traversal" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "imcat 4.4 allows directory traversal via the root/run/adm.php efile parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#directory-traversal", + "refsource": "MISC", + "url": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#directory-traversal" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9315.json b/2018/9xxx/CVE-2018-9315.json index c9b83812f71..1b5355ccd67 100644 --- a/2018/9xxx/CVE-2018-9315.json +++ b/2018/9xxx/CVE-2018-9315.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9315", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9314. Reason: This candidate is a reservation duplicate of CVE-2018-9314. Notes: All CVE users should reference CVE-2018-9314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-9315", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-9314. Reason: This candidate is a reservation duplicate of CVE-2018-9314. Notes: All CVE users should reference CVE-2018-9314 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9390.json b/2018/9xxx/CVE-2018-9390.json index 10a5b09dca3..c1c4488ad84 100644 --- a/2018/9xxx/CVE-2018-9390.json +++ b/2018/9xxx/CVE-2018-9390.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9390", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9390", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9921.json b/2018/9xxx/CVE-2018-9921.json index 40da9a0c99a..998fafd67bd 100644 --- a/2018/9xxx/CVE-2018-9921.json +++ b/2018/9xxx/CVE-2018-9921.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9921", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9921", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98", - "refsource" : "MISC", - "url" : "https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an admin/checksum.php?__c= request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98", + "refsource": "MISC", + "url": "https://gist.github.com/0xn1k5/ef4c7c7a26c7d8a803ef3a85f1000c98" + } + ] + } +} \ No newline at end of file