diff --git a/2002/1xxx/CVE-2002-1259.json b/2002/1xxx/CVE-2002-1259.json index 82e819449c7..3a9d83fdfd1 100644 --- a/2002/1xxx/CVE-2002-1259.json +++ b/2002/1xxx/CVE-2002-1259.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1259", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1286. Reason: This candidate is a reservation duplicate of CVE-2002-1286. Notes: All CVE users should reference CVE-2002-1286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2002-1259", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1286. Reason: This candidate is a reservation duplicate of CVE-2002-1286. Notes: All CVE users should reference CVE-2002-1286 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1551.json b/2002/1xxx/CVE-2002-1551.json index b46a0ea8a07..a817fe2731f 100644 --- a/2002/1xxx/CVE-2002-1551.json +++ b/2002/1xxx/CVE-2002-1551.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1551", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1551", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "IY34670", - "refsource" : "AIXAPAR", - "url" : "http://archives.neohapsis.com/archives/aix/2002-q4/0002.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "IY34670", + "refsource": "AIXAPAR", + "url": "http://archives.neohapsis.com/archives/aix/2002-q4/0002.html" + } + ] + } +} \ No newline at end of file diff --git a/2002/1xxx/CVE-2002-1788.json b/2002/1xxx/CVE-2002-1788.json index 63839fb81db..8d8432f9ba7 100644 --- a/2002/1xxx/CVE-2002-1788.json +++ b/2002/1xxx/CVE-2002-1788.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2002-1788", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2002-1788", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20020704 nn remote format string vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://online.securityfocus.com/archive/1/280639" - }, - { - "name" : "5160", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/5160" - }, - { - "name" : "27086", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/27086" - }, - { - "name" : "nn-error-msg-format-string(9491)", - "refsource" : "XF", - "url" : "http://www.iss.net/security_center/static/9491.php" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Format string vulnerability in the nn_exitmsg function in nn 6.6.0 through 6.6.3 allows remote NNTP servers to execute arbitrary code via format strings in server responses." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "27086", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/27086" + }, + { + "name": "5160", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/5160" + }, + { + "name": "nn-error-msg-format-string(9491)", + "refsource": "XF", + "url": "http://www.iss.net/security_center/static/9491.php" + }, + { + "name": "20020704 nn remote format string vulnerability", + "refsource": "BUGTRAQ", + "url": "http://online.securityfocus.com/archive/1/280639" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0276.json b/2003/0xxx/CVE-2003-0276.json index 42ce1effe2e..5433162def1 100644 --- a/2003/0xxx/CVE-2003-0276.json +++ b/2003/0xxx/CVE-2003-0276.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0276", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0276", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030428 Pi3Web 2.0.1 DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105155818012718&w=2" - }, - { - "name" : "20030512 Unix Version of the Pi3web DoS", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105275789410250&w=2" - }, - { - "name" : "7555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/7555" - }, - { - "name" : "pi3web-get-request-bo(11889)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11889" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "pi3web-get-request-bo(11889)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11889" + }, + { + "name": "7555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/7555" + }, + { + "name": "20030512 Unix Version of the Pi3web DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105275789410250&w=2" + }, + { + "name": "20030428 Pi3Web 2.0.1 DoS", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105155818012718&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0480.json b/2003/0xxx/CVE-2003-0480.json index 13d8eb57416..48cdd60766a 100644 --- a/2003/0xxx/CVE-2003-0480.json +++ b/2003/0xxx/CVE-2003-0480.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0480", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via \"symlink manipulation.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0480", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030627 VMware Workstation 4.0: Possible privilege escalation on the host", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105673688529147&w=2" - }, - { - "name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019", - "refsource" : "CONFIRM", - "url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via \"symlink manipulation.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019", + "refsource": "CONFIRM", + "url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019" + }, + { + "name": "20030627 VMware Workstation 4.0: Possible privilege escalation on the host", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105673688529147&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0572.json b/2003/0xxx/CVE-2003-0572.json index 8b9893fd8cb..7048123d953 100644 --- a/2003/0xxx/CVE-2003-0572.json +++ b/2003/0xxx/CVE-2003-0572.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0572", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0572", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030701-01-P", - "refsource" : "SGI", - "url" : "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P" - }, - { - "name" : "8587", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/8587" - }, - { - "name" : "irix-nsd-map-dos(12635)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12635" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, allows attackers to cause a denial of service (memory consumption)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20030701-01-P", + "refsource": "SGI", + "url": "ftp://patches.sgi.com/support/free/security/advisories/20030701-01-P" + }, + { + "name": "irix-nsd-map-dos(12635)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12635" + }, + { + "name": "8587", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/8587" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0633.json b/2003/0xxx/CVE-2003-0633.json index fa673eac2a3..031406512ec 100644 --- a/2003/0xxx/CVE-2003-0633.json +++ b/2003/0xxx/CVE-2003-0633.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0633", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0633", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030724 Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105906689120237&w=2" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf" - }, - { - "name" : "8268", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8268" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J Setup Test Suite in Oracle E-Business Suite 11.5.1 through 11.5.8 allow a remote attacker to obtain sensitive information without authentication, such as the GUEST user password and the application server security key." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8268", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8268" + }, + { + "name": "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2003alert55.pdf" + }, + { + "name": "20030724 Integrigy Security Alert - Oracle E-Business Suite AOL/J Setup Test Information Disclosure", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105906689120237&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/0xxx/CVE-2003-0634.json b/2003/0xxx/CVE-2003-0634.json index 4bf311f17e9..827153ef5f2 100644 --- a/2003/0xxx/CVE-2003-0634.json +++ b/2003/0xxx/CVE-2003-0634.json @@ -1,97 +1,97 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-0634", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-0634", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105914979629857&w=2" - }, - { - "name" : "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)", - "refsource" : "NTBUGTRAQ", - "url" : "http://marc.info/?l=ntbugtraq&m=105915485303327&w=2" - }, - { - "name" : "20030725 question about oracle advisory", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=105916455814904&w=2" - }, - { - "name" : "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf", - "refsource" : "CONFIRM", - "url" : "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf" - }, - { - "name" : "20030912 Update to the Oracle EXTPROC advisory", - "refsource" : "VULNWATCH", - "url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html" - }, - { - "name" : "VU#936868", - "refsource" : "CERT-VN", - "url" : "http://www.kb.cert.org/vuls/id/936868" - }, - { - "name" : "8267", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8267" - }, - { - "name" : "oracle-extproc-bo(12721)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf", + "refsource": "CONFIRM", + "url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf" + }, + { + "name": "20030725 question about oracle advisory", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105916455814904&w=2" + }, + { + "name": "8267", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8267" + }, + { + "name": "oracle-extproc-bo(12721)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721" + }, + { + "name": "20030912 Update to the Oracle EXTPROC advisory", + "refsource": "VULNWATCH", + "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html" + }, + { + "name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)", + "refsource": "NTBUGTRAQ", + "url": "http://marc.info/?l=ntbugtraq&m=105915485303327&w=2" + }, + { + "name": "VU#936868", + "refsource": "CERT-VN", + "url": "http://www.kb.cert.org/vuls/id/936868" + }, + { + "name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=105914979629857&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1412.json b/2003/1xxx/CVE-2003-1412.json index 1c713f9c41c..6283a32699d 100644 --- a/2003/1xxx/CVE-2003-1412.json +++ b/2003/1xxx/CVE-2003-1412.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1412", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1412", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20030224 GOnicus System Administrator php injection", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/313282/30/25760/threaded" - }, - { - "name" : "20030223 GOnicus System Administrator php injection", - "refsource" : "FULLDISC", - "url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html" - }, - { - "name" : "6922", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/6922" - }, - { - "name" : "1006162", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1006162" - }, - { - "name" : "8120", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/8120" - }, - { - "name" : "gosa-plugin-file-include(11408)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11408" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "PHP remote file inclusion vulnerability in index.php for GONiCUS System Administrator (GOsa) 1.0 allows remote attackers to execute arbitrary PHP code via the plugin parameter to (1) 3fax/1blocklists/index.php; (2) 6departamentadmin/index.php, (3) 5terminals/index.php, (4) 4mailinglists/index.php, (5) 3departaments/index.php, and (6) 2groupd/index.php in 2administration/; or (7) the base parameter to include/help.php." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "8120", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/8120" + }, + { + "name": "gosa-plugin-file-include(11408)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11408" + }, + { + "name": "20030224 GOnicus System Administrator php injection", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/313282/30/25760/threaded" + }, + { + "name": "20030223 GOnicus System Administrator php injection", + "refsource": "FULLDISC", + "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-February/003932.html" + }, + { + "name": "6922", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/6922" + }, + { + "name": "1006162", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1006162" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1505.json b/2003/1xxx/CVE-2003-1505.json index dfc989603d4..563b2176a6b 100644 --- a/2003/1xxx/CVE-2003-1505.json +++ b/2003/1xxx/CVE-2003-1505.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20031022 IE6 CSS-Crash", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/342010" - }, - { - "name" : "8874", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8874" - }, - { - "name" : "3295", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/3295" - }, - { - "name" : "ie-scrollbarbasecolor-dos(13809)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13809" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "3295", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/3295" + }, + { + "name": "8874", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8874" + }, + { + "name": "20031022 IE6 CSS-Crash", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/342010" + }, + { + "name": "ie-scrollbarbasecolor-dos(13809)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13809" + } + ] + } +} \ No newline at end of file diff --git a/2003/1xxx/CVE-2003-1510.json b/2003/1xxx/CVE-2003-1510.json index 0c6f84eafe2..ba481fcb482 100644 --- a/2003/1xxx/CVE-2003-1510.json +++ b/2003/1xxx/CVE-2003-1510.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2003-1510", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a \".%00.\" in an HTTP GET request to the cgi-bin directory." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2003-1510", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html", - "refsource" : "MISC", - "url" : "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html" - }, - { - "name" : "8810", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/8810" - }, - { - "name" : "tinyweb-httpget-dos(13402)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13402" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a \".%00.\" in an HTTP GET request to the cgi-bin directory." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "tinyweb-httpget-dos(13402)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13402" + }, + { + "name": "8810", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/8810" + }, + { + "name": "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html", + "refsource": "MISC", + "url": "http://www.securiteam.com/windowsntfocus/6S0052K8LQ.html" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0359.json b/2004/0xxx/CVE-2004-0359.json index d637b255d4d..275127a13ae 100644 --- a/2004/0xxx/CVE-2004-0359.json +++ b/2004/0xxx/CVE-2004-0359.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0359", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0359", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20040305 Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity", - "refsource" : "BUGTRAQ", - "url" : "http://marc.info/?l=bugtraq&m=107851589701916&w=2" - }, - { - "name" : "9768", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9768" - }, - { - "name" : "4154", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/4154" - }, - { - "name" : "11053", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/11053" - }, - { - "name" : "invision-xss(15403)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15403" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "9768", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9768" + }, + { + "name": "4154", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/4154" + }, + { + "name": "invision-xss(15403)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15403" + }, + { + "name": "20040305 Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity", + "refsource": "BUGTRAQ", + "url": "http://marc.info/?l=bugtraq&m=107851589701916&w=2" + }, + { + "name": "11053", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/11053" + } + ] + } +} \ No newline at end of file diff --git a/2004/0xxx/CVE-2004-0790.json b/2004/0xxx/CVE-2004-0790.json index 4ccb7e7a7f0..4b06c7c4280 100644 --- a/2004/0xxx/CVE-2004-0790.json +++ b/2004/0xxx/CVE-2004-0790.json @@ -1,207 +1,207 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-0790", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the \"blind connection-reset attack.\" NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-0790", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt", - "refsource" : "MISC", - "url" : "http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt" - }, - { - "name" : "http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en", - "refsource" : "MISC", - "url" : "http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en" - }, - { - "name" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html", - "refsource" : "MISC", - "url" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html" - }, - { - "name" : "HPSBTU01210", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=112861397904255&w=2" - }, - { - "name" : "SSRT4743", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=112861397904255&w=2" - }, - { - "name" : "HPSBUX01164", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/418882/100/0/threaded" - }, - { - "name" : "SSRT4884", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/418882/100/0/threaded" - }, - { - "name" : "HPSBST02161", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "SSRT061264", - "refsource" : "HP", - "url" : "http://www.securityfocus.com/archive/1/449179/100/0/threaded" - }, - { - "name" : "MS05-019", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019" - }, - { - "name" : "MS06-064", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064" - }, - { - "name" : "SCOSA-2006.4", - "refsource" : "SCO", - "url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt" - }, - { - "name" : "57746", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1" - }, - { - "name" : "101658", - "refsource" : "SUNALERT", - "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1" - }, - { - "name" : "13124", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/13124" - }, - { - "name" : "ADV-2006-3983", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2006/3983" - }, - { - "name" : "oval:org.mitre.oval:def:3458", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3458" - }, - { - "name" : "oval:org.mitre.oval:def:1910", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1910" - }, - { - "name" : "oval:org.mitre.oval:def:4804", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4804" - }, - { - "name" : "oval:org.mitre.oval:def:1177", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1177" - }, - { - "name" : "oval:org.mitre.oval:def:176", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A176" - }, - { - "name" : "oval:org.mitre.oval:def:211", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A211" - }, - { - "name" : "oval:org.mitre.oval:def:412", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A412" - }, - { - "name" : "oval:org.mitre.oval:def:514", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A514" - }, - { - "name" : "oval:org.mitre.oval:def:53", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A53" - }, - { - "name" : "oval:org.mitre.oval:def:622", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A622" - }, - { - "name" : "18317", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/18317" - }, - { - "name" : "22341", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/22341" - }, - { - "name" : "19", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/19" - }, - { - "name" : "57", - "refsource" : "SREASON", - "url" : "http://securityreason.com/securityalert/57" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the \"blind connection-reset attack.\" NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:412", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A412" + }, + { + "name": "oval:org.mitre.oval:def:4804", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4804" + }, + { + "name": "13124", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/13124" + }, + { + "name": "HPSBUX01164", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/418882/100/0/threaded" + }, + { + "name": "SSRT061264", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "oval:org.mitre.oval:def:176", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A176" + }, + { + "name": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html", + "refsource": "MISC", + "url": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html" + }, + { + "name": "MS06-064", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064" + }, + { + "name": "oval:org.mitre.oval:def:514", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A514" + }, + { + "name": "oval:org.mitre.oval:def:1910", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1910" + }, + { + "name": "SSRT4743", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=112861397904255&w=2" + }, + { + "name": "HPSBTU01210", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=112861397904255&w=2" + }, + { + "name": "57746", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1" + }, + { + "name": "MS05-019", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019" + }, + { + "name": "101658", + "refsource": "SUNALERT", + "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1" + }, + { + "name": "SCOSA-2006.4", + "refsource": "SCO", + "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt" + }, + { + "name": "oval:org.mitre.oval:def:1177", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1177" + }, + { + "name": "HPSBST02161", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded" + }, + { + "name": "18317", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/18317" + }, + { + "name": "oval:org.mitre.oval:def:3458", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3458" + }, + { + "name": "http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en", + "refsource": "MISC", + "url": "http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en" + }, + { + "name": "oval:org.mitre.oval:def:211", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A211" + }, + { + "name": "19", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/19" + }, + { + "name": "SSRT4884", + "refsource": "HP", + "url": "http://www.securityfocus.com/archive/1/418882/100/0/threaded" + }, + { + "name": "57", + "refsource": "SREASON", + "url": "http://securityreason.com/securityalert/57" + }, + { + "name": "22341", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/22341" + }, + { + "name": "ADV-2006-3983", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2006/3983" + }, + { + "name": "http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt", + "refsource": "MISC", + "url": "http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt" + }, + { + "name": "oval:org.mitre.oval:def:53", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A53" + }, + { + "name": "oval:org.mitre.oval:def:622", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A622" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2137.json b/2004/2xxx/CVE-2004-2137.json index 19370aafe16..22d92118eb7 100644 --- a/2004/2xxx/CVE-2004-2137.json +++ b/2004/2xxx/CVE-2004-2137.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2137", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Outlook Express 6.0, when sending multipart e-mail messages using the \"Break apart messages larger than\" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2137", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.networksecurity.fi/advisories/outlook-bcc.html", - "refsource" : "MISC", - "url" : "http://www.networksecurity.fi/advisories/outlook-bcc.html" - }, - { - "name" : "843555", - "refsource" : "MSKB", - "url" : "http://support.microsoft.com/kb/843555" - }, - { - "name" : "11040", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/11040" - }, - { - "name" : "9167", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/9167" - }, - { - "name" : "1011067", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1011067" - }, - { - "name" : "12376", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/12376" - }, - { - "name" : "outlook-email-address-disclosure(17098)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17098" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Outlook Express 6.0, when sending multipart e-mail messages using the \"Break apart messages larger than\" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fields, which may allow remote attackers to obtain sensitive information." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11040", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/11040" + }, + { + "name": "http://www.networksecurity.fi/advisories/outlook-bcc.html", + "refsource": "MISC", + "url": "http://www.networksecurity.fi/advisories/outlook-bcc.html" + }, + { + "name": "1011067", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1011067" + }, + { + "name": "outlook-email-address-disclosure(17098)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17098" + }, + { + "name": "843555", + "refsource": "MSKB", + "url": "http://support.microsoft.com/kb/843555" + }, + { + "name": "12376", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/12376" + }, + { + "name": "9167", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/9167" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2170.json b/2004/2xxx/CVE-2004-2170.json index 8b702ad380c..6cd7243bfcd 100644 --- a/2004/2xxx/CVE-2004-2170.json +++ b/2004/2xxx/CVE-2004-2170.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2170", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2170", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://members.lycos.co.uk/r34ct/main/Caravan/Caravan.txt", - "refsource" : "MISC", - "url" : "http://members.lycos.co.uk/r34ct/main/Caravan/Caravan.txt" - }, - { - "name" : "9555", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/9555" - }, - { - "name" : "3787", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/3787" - }, - { - "name" : "1008913", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1008913" - }, - { - "name" : "10763", - "refsource" : "SECUNIA", - "url" : "http://www.secunia.com/advisories/10763/" - }, - { - "name" : "caravan-dotdot-directory-traveral(15004)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15004" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://members.lycos.co.uk/r34ct/main/Caravan/Caravan.txt", + "refsource": "MISC", + "url": "http://members.lycos.co.uk/r34ct/main/Caravan/Caravan.txt" + }, + { + "name": "10763", + "refsource": "SECUNIA", + "url": "http://www.secunia.com/advisories/10763/" + }, + { + "name": "caravan-dotdot-directory-traveral(15004)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15004" + }, + { + "name": "9555", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/9555" + }, + { + "name": "3787", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/3787" + }, + { + "name": "1008913", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1008913" + } + ] + } +} \ No newline at end of file diff --git a/2004/2xxx/CVE-2004-2251.json b/2004/2xxx/CVE-2004-2251.json index ae1b6c871ef..bc77d00683a 100644 --- a/2004/2xxx/CVE-2004-2251.json +++ b/2004/2xxx/CVE-2004-2251.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2004-2251", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2004-2251", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.astaro.org/showflat.php?Cat=&Number=51459&page=0&view=collapsed&sb=5&o=&fpart=1#51459", - "refsource" : "CONFIRM", - "url" : "http://www.astaro.org/showflat.php?Cat=&Number=51459&page=0&view=collapsed&sb=5&o=&fpart=1#51459" - }, - { - "name" : "11406", - "refsource" : "OSVDB", - "url" : "http://www.osvdb.org/11406" - }, - { - "name" : "1012065", - "refsource" : "SECTRACK", - "url" : "http://securitytracker.com/id?1012065" - }, - { - "name" : "13089", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/13089" - }, - { - "name" : "astaro-pptp-info-disclosure(17959)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "11406", + "refsource": "OSVDB", + "url": "http://www.osvdb.org/11406" + }, + { + "name": "http://www.astaro.org/showflat.php?Cat=&Number=51459&page=0&view=collapsed&sb=5&o=&fpart=1#51459", + "refsource": "CONFIRM", + "url": "http://www.astaro.org/showflat.php?Cat=&Number=51459&page=0&view=collapsed&sb=5&o=&fpart=1#51459" + }, + { + "name": "astaro-pptp-info-disclosure(17959)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17959" + }, + { + "name": "13089", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/13089" + }, + { + "name": "1012065", + "refsource": "SECTRACK", + "url": "http://securitytracker.com/id?1012065" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2257.json b/2008/2xxx/CVE-2008-2257.json index 8517e659a87..02046a65f23 100644 --- a/2008/2xxx/CVE-2008-2257.json +++ b/2008/2xxx/CVE-2008-2257.json @@ -1,112 +1,112 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2257", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object \"appended in a specific order,\" aka \"HTML Objects Memory Corruption Vulnerability\" or \"XHTML Rendering Memory Corruption Vulnerability,\" a different vulnerability than CVE-2008-2258." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2008-2257", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080812 ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/495430/100/0/threaded" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-050/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-050/" - }, - { - "name" : "HPSBST02360", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "SSRT080117", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=121915960406986&w=2" - }, - { - "name" : "MS08-045", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045" - }, - { - "name" : "TA08-225A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" - }, - { - "name" : "30613", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/30613" - }, - { - "name" : "oval:org.mitre.oval:def:5266", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5266" - }, - { - "name" : "ADV-2008-2349", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/2349" - }, - { - "name" : "1020674", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020674" - }, - { - "name" : "31375", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/31375" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object \"appended in a specific order,\" aka \"HTML Objects Memory Corruption Vulnerability\" or \"XHTML Rendering Memory Corruption Vulnerability,\" a different vulnerability than CVE-2008-2258." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ADV-2008-2349", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/2349" + }, + { + "name": "TA08-225A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA08-225A.html" + }, + { + "name": "30613", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/30613" + }, + { + "name": "1020674", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020674" + }, + { + "name": "HPSBST02360", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "SSRT080117", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=121915960406986&w=2" + }, + { + "name": "MS08-045", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-045" + }, + { + "name": "20080812 ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/495430/100/0/threaded" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-050/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-050/" + }, + { + "name": "31375", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/31375" + }, + { + "name": "oval:org.mitre.oval:def:5266", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5266" + } + ] + } +} \ No newline at end of file diff --git a/2008/2xxx/CVE-2008-2541.json b/2008/2xxx/CVE-2008-2541.json index 1157e6c1708..150483d6930 100644 --- a/2008/2xxx/CVE-2008-2541.json +++ b/2008/2xxx/CVE-2008-2541.json @@ -1,127 +1,127 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2008-2541", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2008-2541", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493087/100/0/threaded" - }, - { - "name" : "20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493084/100/0/threaded" - }, - { - "name" : "20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493082/100/0/threaded" - }, - { - "name" : "20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/493124/100/0/threaded" - }, - { - "name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05", - "refsource" : "MISC", - "url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-035/", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-035/" - }, - { - "name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-036", - "refsource" : "MISC", - "url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-036" - }, - { - "name" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408", - "refsource" : "CONFIRM", - "url" : "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408" - }, - { - "name" : "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3", - "refsource" : "CONFIRM", - "url" : "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3" - }, - { - "name" : "29528", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/29528" - }, - { - "name" : "ADV-2008-1741", - "refsource" : "VUPEN", - "url" : "http://www.vupen.com/english/advisories/2008/1741/references" - }, - { - "name" : "1020167", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1020167" - }, - { - "name" : "30518", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/30518" - }, - { - "name" : "ca-etrust-scm-ftp-bo(42821)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42821" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple stack-based buffer overflows in the HTTP Gateway Service (icihttp.exe) in CA eTrust Secure Content Manager 8.0 allow remote attackers to execute arbitrary code or cause a denial of service via long FTP responses, related to (1) the file month field in a LIST command; (2) the PASV command; and (3) directories, files, and links in a LIST command." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "20080604 TPTI-08-05: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493087/100/0/threaded" + }, + { + "name": "30518", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/30518" + }, + { + "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05", + "refsource": "MISC", + "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-08-05" + }, + { + "name": "29528", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/29528" + }, + { + "name": "20080604 ZDI-08-036: CA ETrust Secure Content Manager Gateway FTP LIST Stack Overflow", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493082/100/0/threaded" + }, + { + "name": "20080604 CA Secure Content Manager HTTP Gateway Service FTP Request Vulnerabilities", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493124/100/0/threaded" + }, + { + "name": "ADV-2008-1741", + "refsource": "VUPEN", + "url": "http://www.vupen.com/english/advisories/2008/1741/references" + }, + { + "name": "1020167", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1020167" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-035/" + }, + { + "name": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408", + "refsource": "CONFIRM", + "url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36408" + }, + { + "name": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3", + "refsource": "CONFIRM", + "url": "https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=QO99987&os=NT&actionID=3" + }, + { + "name": "20080604 ZDI-08-035: CA ETrust Secure Content Manager Gateway FTP PASV Stack Overflow Vulnerability", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/493084/100/0/threaded" + }, + { + "name": "ca-etrust-scm-ftp-bo(42821)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42821" + }, + { + "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-036", + "refsource": "MISC", + "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-036" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0733.json b/2012/0xxx/CVE-2012-0733.json index 512d44176cb..6636dee0605 100644 --- a/2012/0xxx/CVE-2012-0733.json +++ b/2012/0xxx/CVE-2012-0733.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0733", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@us.ibm.com", + "ID": "CVE-2012-0733", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188", - "refsource" : "CONFIRM", - "url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188" - }, - { - "name" : "53247", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/53247" - }, - { - "name" : "48967", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48967" - }, - { - "name" : "48968", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48968" - }, - { - "name" : "ae-serviceacct-session-hijacking(74374)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when Integrated Windows authentication is used, allows remote authenticated users to obtain administrative privileges by hijacking a session associated with the service account." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "ae-serviceacct-session-hijacking(74374)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74374" + }, + { + "name": "48967", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48967" + }, + { + "name": "http://www.ibm.com/support/docview.wss?uid=swg21592188", + "refsource": "CONFIRM", + "url": "http://www.ibm.com/support/docview.wss?uid=swg21592188" + }, + { + "name": "48968", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48968" + }, + { + "name": "53247", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/53247" + } + ] + } +} \ No newline at end of file diff --git a/2012/0xxx/CVE-2012-0923.json b/2012/0xxx/CVE-2012-0923.json index 98345916d38..edb1484fef0 100644 --- a/2012/0xxx/CVE-2012-0923.json +++ b/2012/0xxx/CVE-2012-0923.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-0923", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-0923", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://service.real.com/realplayer/security/02062012_player/en/", - "refsource" : "CONFIRM", - "url" : "http://service.real.com/realplayer/security/02062012_player/en/" - }, - { - "name" : "51884", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51884" - }, - { - "name" : "78912", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/78912" - }, - { - "name" : "47896", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/47896" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "47896", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/47896" + }, + { + "name": "http://service.real.com/realplayer/security/02062012_player/en/", + "refsource": "CONFIRM", + "url": "http://service.real.com/realplayer/security/02062012_player/en/" + }, + { + "name": "78912", + "refsource": "OSVDB", + "url": "http://osvdb.org/78912" + }, + { + "name": "51884", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51884" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1006.json b/2012/1xxx/CVE-2012-1006.json index 154ad9466c4..d2bc1ea201d 100644 --- a/2012/1xxx/CVE-2012-1006.json +++ b/2012/1xxx/CVE-2012-1006.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1006", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1006", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt", - "refsource" : "MISC", - "url" : "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt" - }, - { - "name" : "http://secpod.org/blog/?p=450", - "refsource" : "MISC", - "url" : "http://secpod.org/blog/?p=450" - }, - { - "name" : "51902", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/51902" - }, - { - "name" : "apache-struts-multiple-xss(72888)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72888" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://secpod.org/blog/?p=450", + "refsource": "MISC", + "url": "http://secpod.org/blog/?p=450" + }, + { + "name": "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt", + "refsource": "MISC", + "url": "http://secpod.org/advisories/SecPod_Apache_Struts_Multiple_Parsistant_XSS_Vulns.txt" + }, + { + "name": "apache-struts-multiple-xss(72888)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72888" + }, + { + "name": "51902", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/51902" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1135.json b/2012/1xxx/CVE-2012-1135.json index 50cc2fa38d5..766472873b3 100644 --- a/2012/1xxx/CVE-2012-1135.json +++ b/2012/1xxx/CVE-2012-1135.json @@ -1,162 +1,162 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1135", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1135", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/06/16" - }, - { - "name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", - "refsource" : "CONFIRM", - "url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" - }, - { - "name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=800593", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=800593" - }, - { - "name" : "http://support.apple.com/kb/HT5503", - "refsource" : "CONFIRM", - "url" : "http://support.apple.com/kb/HT5503" - }, - { - "name" : "APPLE-SA-2012-09-19-1", - "refsource" : "APPLE", - "url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" - }, - { - "name" : "GLSA-201204-04", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201204-04.xml" - }, - { - "name" : "MDVSA-2012:057", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" - }, - { - "name" : "SUSE-SU-2012:0483", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html" - }, - { - "name" : "SUSE-SU-2012:0521", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html" - }, - { - "name" : "SUSE-SU-2012:0484", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" - }, - { - "name" : "openSUSE-SU-2012:0489", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" - }, - { - "name" : "USN-1403-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1403-1" - }, - { - "name" : "52318", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52318" - }, - { - "name" : "1026765", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1026765" - }, - { - "name" : "48918", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48918" - }, - { - "name" : "48951", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48951" - }, - { - "name" : "48822", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48822" - }, - { - "name" : "48973", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48973" - }, - { - "name" : "48797", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48797" - }, - { - "name" : "48508", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48508" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the NPUSHB and NPUSHW instructions in a TrueType font." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48797", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48797" + }, + { + "name": "48508", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48508" + }, + { + "name": "48822", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48822" + }, + { + "name": "MDVSA-2012:057", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057" + }, + { + "name": "APPLE-SA-2012-09-19-1", + "refsource": "APPLE", + "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" + }, + { + "name": "http://support.apple.com/kb/HT5503", + "refsource": "CONFIRM", + "url": "http://support.apple.com/kb/HT5503" + }, + { + "name": "52318", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52318" + }, + { + "name": "USN-1403-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1403-1" + }, + { + "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512", + "refsource": "CONFIRM", + "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512" + }, + { + "name": "48918", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48918" + }, + { + "name": "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/06/16" + }, + { + "name": "SUSE-SU-2012:0484", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html" + }, + { + "name": "SUSE-SU-2012:0521", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html" + }, + { + "name": "48973", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48973" + }, + { + "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html", + "refsource": "CONFIRM", + "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html" + }, + { + "name": "SUSE-SU-2012:0483", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html" + }, + { + "name": "1026765", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1026765" + }, + { + "name": "openSUSE-SU-2012:0489", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html" + }, + { + "name": "48951", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48951" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=800593", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=800593" + }, + { + "name": "GLSA-201204-04", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201204-04.xml" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1330.json b/2012/1xxx/CVE-2012-1330.json index c5106039a3c..f5d786fcee9 100644 --- a/2012/1xxx/CVE-2012-1330.json +++ b/2012/1xxx/CVE-2012-1330.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1330", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1330", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1487.json b/2012/1xxx/CVE-2012-1487.json index ba2b75ceff5..08484322ccf 100644 --- a/2012/1xxx/CVE-2012-1487.json +++ b/2012/1xxx/CVE-2012-1487.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1487", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1487", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1539.json b/2012/1xxx/CVE-2012-1539.json index e5c399425e5..a2912598131 100644 --- a/2012/1xxx/CVE-2012-1539.json +++ b/2012/1xxx/CVE-2012-1539.json @@ -1,87 +1,87 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1539", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka \"CTreePos Use After Free Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-1539", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "MS12-071", - "refsource" : "MS", - "url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-071" - }, - { - "name" : "TA12-318A", - "refsource" : "CERT", - "url" : "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" - }, - { - "name" : "56421", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56421" - }, - { - "name" : "oval:org.mitre.oval:def:15886", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15886" - }, - { - "name" : "1027749", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id?1027749" - }, - { - "name" : "51202", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51202" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka \"CTreePos Use After Free Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "oval:org.mitre.oval:def:15886", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15886" + }, + { + "name": "1027749", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id?1027749" + }, + { + "name": "MS12-071", + "refsource": "MS", + "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-071" + }, + { + "name": "56421", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56421" + }, + { + "name": "51202", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51202" + }, + { + "name": "TA12-318A", + "refsource": "CERT", + "url": "http://www.us-cert.gov/cas/techalerts/TA12-318A.html" + } + ] + } +} \ No newline at end of file diff --git a/2012/1xxx/CVE-2012-1607.json b/2012/1xxx/CVE-2012-1607.json index ddcf0ef1e8f..8f25b681706 100644 --- a/2012/1xxx/CVE-2012-1607.json +++ b/2012/1xxx/CVE-2012-1607.json @@ -1,92 +1,92 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-1607", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-1607", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/03/30/4" - }, - { - "name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/", - "refsource" : "CONFIRM", - "url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/" - }, - { - "name" : "DSA-2445", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2012/dsa-2445" - }, - { - "name" : "52771", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/52771" - }, - { - "name" : "80761", - "refsource" : "OSVDB", - "url" : "http://osvdb.org/80761" - }, - { - "name" : "48622", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48622" - }, - { - "name" : "48647", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/48647" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "48647", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48647" + }, + { + "name": "48622", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/48622" + }, + { + "name": "[oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/03/30/4" + }, + { + "name": "80761", + "refsource": "OSVDB", + "url": "http://osvdb.org/80761" + }, + { + "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/", + "refsource": "CONFIRM", + "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/" + }, + { + "name": "DSA-2445", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2012/dsa-2445" + }, + { + "name": "52771", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/52771" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5062.json b/2012/5xxx/CVE-2012-5062.json index 8a40f7deb61..2cb3eef0f05 100644 --- a/2012/5xxx/CVE-2012-5062.json +++ b/2012/5xxx/CVE-2012-5062.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5062", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5062", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" - }, - { - "name" : "MDVSA-2013:150", - "refsource" : "MANDRIVA", - "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html" + }, + { + "name": "MDVSA-2013:150", + "refsource": "MANDRIVA", + "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5072.json b/2012/5xxx/CVE-2012-5072.json index fa093dda504..bf5bf12106f 100644 --- a/2012/5xxx/CVE-2012-5072.json +++ b/2012/5xxx/CVE-2012-5072.json @@ -1,222 +1,222 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5072", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert_us@oracle.com", + "ID": "CVE-2012-5072", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", - "refsource" : "CONFIRM", - "url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" - }, - { - "name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", - "refsource" : "CONFIRM", - "url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" - }, - { - "name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", - "refsource" : "CONFIRM", - "url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" - }, - { - "name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", - "refsource" : "CONFIRM", - "url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" - }, - { - "name" : "GLSA-201406-32", - "refsource" : "GENTOO", - "url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" - }, - { - "name" : "HPSBUX02832", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "SSRT101042", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" - }, - { - "name" : "HPSBOV02833", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "SSRT101043", - "refsource" : "HP", - "url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" - }, - { - "name" : "RHSA-2012:1385", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1385.html" - }, - { - "name" : "RHSA-2012:1386", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" - }, - { - "name" : "RHSA-2012:1391", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" - }, - { - "name" : "RHSA-2012:1392", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" - }, - { - "name" : "RHSA-2012:1466", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" - }, - { - "name" : "RHSA-2012:1467", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" - }, - { - "name" : "RHSA-2013:1455", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" - }, - { - "name" : "RHSA-2013:1456", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" - }, - { - "name" : "openSUSE-SU-2012:1423", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" - }, - { - "name" : "SUSE-SU-2012:1398", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" - }, - { - "name" : "SUSE-SU-2012:1595", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" - }, - { - "name" : "56083", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56083" - }, - { - "name" : "oval:org.mitre.oval:def:16522", - "refsource" : "OVAL", - "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16522" - }, - { - "name" : "51028", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51028" - }, - { - "name" : "51029", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51029" - }, - { - "name" : "51141", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51141" - }, - { - "name" : "51326", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51326" - }, - { - "name" : "51327", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51327" - }, - { - "name" : "51390", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51390" - }, - { - "name" : "51438", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51438" - }, - { - "name" : "51166", - "refsource" : "SECUNIA", - "url" : "http://secunia.com/advisories/51166" - }, - { - "name" : "javaruntimeenvironment-security-info-disc(79434)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79434" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "SUSE-SU-2012:1398", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" + }, + { + "name": "GLSA-201406-32", + "refsource": "GENTOO", + "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" + }, + { + "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", + "refsource": "CONFIRM", + "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" + }, + { + "name": "RHSA-2012:1466", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html" + }, + { + "name": "RHSA-2012:1386", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html" + }, + { + "name": "51438", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51438" + }, + { + "name": "51141", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51141" + }, + { + "name": "SSRT101043", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" + }, + { + "name": "openSUSE-SU-2012:1423", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" + }, + { + "name": "RHSA-2013:1455", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html" + }, + { + "name": "56083", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56083" + }, + { + "name": "RHSA-2012:1391", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" + }, + { + "name": "51029", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51029" + }, + { + "name": "HPSBOV02833", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2" + }, + { + "name": "51166", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51166" + }, + { + "name": "51390", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51390" + }, + { + "name": "RHSA-2012:1392", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html" + }, + { + "name": "SUSE-SU-2012:1595", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" + }, + { + "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", + "refsource": "CONFIRM", + "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" + }, + { + "name": "51327", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51327" + }, + { + "name": "oval:org.mitre.oval:def:16522", + "refsource": "OVAL", + "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16522" + }, + { + "name": "RHSA-2012:1467", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html" + }, + { + "name": "SSRT101042", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + }, + { + "name": "51028", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51028" + }, + { + "name": "RHSA-2013:1456", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html" + }, + { + "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", + "refsource": "CONFIRM", + "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" + }, + { + "name": "51326", + "refsource": "SECUNIA", + "url": "http://secunia.com/advisories/51326" + }, + { + "name": "javaruntimeenvironment-security-info-disc(79434)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79434" + }, + { + "name": "RHSA-2012:1385", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1385.html" + }, + { + "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", + "refsource": "CONFIRM", + "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" + }, + { + "name": "HPSBUX02832", + "refsource": "HP", + "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5365.json b/2012/5xxx/CVE-2012-5365.json index cf17aa6e8ec..13b794ec08d 100644 --- a/2012/5xxx/CVE-2012-5365.json +++ b/2012/5xxx/CVE-2012-5365.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5365", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5365", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5423.json b/2012/5xxx/CVE-2012-5423.json index 359e9a6c8f6..26413c02a32 100644 --- a/2012/5xxx/CVE-2012-5423.json +++ b/2012/5xxx/CVE-2012-5423.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5423", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2012-5423", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5505.json b/2012/5xxx/CVE-2012-5505.json index c12eaba67a9..30739251525 100644 --- a/2012/5xxx/CVE-2012-5505.json +++ b/2012/5xxx/CVE-2012-5505.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5505", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5505", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1" - }, - { - "name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", - "refsource" : "CONFIRM", - "url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" - }, - { - "name" : "https://plone.org/products/plone-hotfix/releases/20121106", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone-hotfix/releases/20121106" - }, - { - "name" : "https://plone.org/products/plone/security/advisories/20121106/21", - "refsource" : "CONFIRM", - "url" : "https://plone.org/products/plone/security/advisories/20121106/21" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt", + "refsource": "CONFIRM", + "url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt" + }, + { + "name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/10/1" + }, + { + "name": "https://plone.org/products/plone/security/advisories/20121106/21", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone/security/advisories/20121106/21" + }, + { + "name": "https://plone.org/products/plone-hotfix/releases/20121106", + "refsource": "CONFIRM", + "url": "https://plone.org/products/plone-hotfix/releases/20121106" + } + ] + } +} \ No newline at end of file diff --git a/2012/5xxx/CVE-2012-5517.json b/2012/5xxx/CVE-2012-5517.json index f5b0983c013..d42b2ba7acd 100644 --- a/2012/5xxx/CVE-2012-5517.json +++ b/2012/5xxx/CVE-2012-5517.json @@ -1,132 +1,132 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2012-5517", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "secalert@redhat.com", + "ID": "CVE-2012-5517", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "[oss-security] 20121113 Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes", - "refsource" : "MLIST", - "url" : "http://www.openwall.com/lists/oss-security/2012/11/13/11" - }, - { - "name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1", - "refsource" : "CONFIRM", - "url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/" - }, - { - "name" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", - "refsource" : "CONFIRM", - "url" : "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" - }, - { - "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=875374", - "refsource" : "CONFIRM", - "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=875374" - }, - { - "name" : "https://github.com/torvalds/linux/commit/08dff7b7d629807dbb1f398c68dd9cd58dd657a1", - "refsource" : "CONFIRM", - "url" : "https://github.com/torvalds/linux/commit/08dff7b7d629807dbb1f398c68dd9cd58dd657a1" - }, - { - "name" : "RHSA-2012:1580", - "refsource" : "REDHAT", - "url" : "http://rhn.redhat.com/errata/RHSA-2012-1580.html" - }, - { - "name" : "SUSE-SU-2012:1679", - "refsource" : "SUSE", - "url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" - }, - { - "name" : "openSUSE-SU-2013:0925", - "refsource" : "SUSE", - "url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" - }, - { - "name" : "USN-1678-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1678-1" - }, - { - "name" : "USN-1671-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1671-1" - }, - { - "name" : "USN-1673-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1673-1" - }, - { - "name" : "USN-1677-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1677-1" - }, - { - "name" : "USN-1679-1", - "refsource" : "UBUNTU", - "url" : "http://www.ubuntu.com/usn/USN-1679-1" - }, - { - "name" : "56527", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/56527" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The online_pages function in mm/memory_hotplug.c in the Linux kernel before 3.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact in opportunistic circumstances by using memory that was hot-added by an administrator." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2" + }, + { + "name": "USN-1679-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1679-1" + }, + { + "name": "RHSA-2012:1580", + "refsource": "REDHAT", + "url": "http://rhn.redhat.com/errata/RHSA-2012-1580.html" + }, + { + "name": "http://www.kernel.org/pub/linux/kernel/v3.x/", + "refsource": "CONFIRM", + "url": "http://www.kernel.org/pub/linux/kernel/v3.x/" + }, + { + "name": "SUSE-SU-2012:1679", + "refsource": "SUSE", + "url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html" + }, + { + "name": "USN-1673-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1673-1" + }, + { + "name": "https://github.com/torvalds/linux/commit/08dff7b7d629807dbb1f398c68dd9cd58dd657a1", + "refsource": "CONFIRM", + "url": "https://github.com/torvalds/linux/commit/08dff7b7d629807dbb1f398c68dd9cd58dd657a1" + }, + { + "name": "[oss-security] 20121113 Re: CVE request -- Linux kernel: mm/hotplug: failure in propagating hot-added memory to other nodes", + "refsource": "MLIST", + "url": "http://www.openwall.com/lists/oss-security/2012/11/13/11" + }, + { + "name": "USN-1678-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1678-1" + }, + { + "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1", + "refsource": "CONFIRM", + "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=08dff7b7d629807dbb1f398c68dd9cd58dd657a1" + }, + { + "name": "56527", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/56527" + }, + { + "name": "USN-1671-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1671-1" + }, + { + "name": "openSUSE-SU-2013:0925", + "refsource": "SUSE", + "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html" + }, + { + "name": "USN-1677-1", + "refsource": "UBUNTU", + "url": "http://www.ubuntu.com/usn/USN-1677-1" + }, + { + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=875374", + "refsource": "CONFIRM", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875374" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3039.json b/2017/3xxx/CVE-2017-3039.json index 56e1fda3819..c822b3c9814 100644 --- a/2017/3xxx/CVE-2017-3039.json +++ b/2017/3xxx/CVE-2017-3039.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3039", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3039", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97556" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the PPKLite security handler. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97556" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3050.json b/2017/3xxx/CVE-2017-3050.json index 82a723ebdcc..6b0b43e9c0d 100644 --- a/2017/3xxx/CVE-2017-3050.json +++ b/2017/3xxx/CVE-2017-3050.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3050", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Memory Corruption" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3050", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" - }, - { - "name" : "97556", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/97556" - }, - { - "name" : "1038228", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038228" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to parsing of GIF files. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Memory Corruption" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "1038228", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038228" + }, + { + "name": "97556", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/97556" + }, + { + "name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3075.json b/2017/3xxx/CVE-2017-3075.json index 81358afa263..6fe0177fdcf 100644 --- a/2017/3xxx/CVE-2017-3075.json +++ b/2017/3xxx/CVE-2017-3075.json @@ -1,82 +1,82 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@adobe.com", - "ID" : "CVE-2017-3075", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", - "version" : { - "version_data" : [ - { - "version_value" : "Adobe Flash Player 25.0.0.171 and earlier." - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Use After Free" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@adobe.com", + "ID": "CVE-2017-3075", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Adobe Flash Player 25.0.0.171 and earlier.", + "version": { + "version_data": [ + { + "version_value": "Adobe Flash Player 25.0.0.171 and earlier." + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", - "refsource" : "CONFIRM", - "url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" - }, - { - "name" : "GLSA-201707-15", - "refsource" : "GENTOO", - "url" : "https://security.gentoo.org/glsa/201707-15" - }, - { - "name" : "RHSA-2017:1439", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1439" - }, - { - "name" : "99023", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99023" - }, - { - "name" : "1038655", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038655" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Use After Free" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", + "refsource": "CONFIRM", + "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" + }, + { + "name": "99023", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99023" + }, + { + "name": "1038655", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038655" + }, + { + "name": "RHSA-2017:1439", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1439" + }, + { + "name": "GLSA-201707-15", + "refsource": "GENTOO", + "url": "https://security.gentoo.org/glsa/201707-15" + } + ] + } +} \ No newline at end of file diff --git a/2017/3xxx/CVE-2017-3224.json b/2017/3xxx/CVE-2017-3224.json index 74ebff1d971..64f756cbab9 100644 --- a/2017/3xxx/CVE-2017-3224.json +++ b/2017/3xxx/CVE-2017-3224.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cert@cert.org", - "ID" : "CVE-2017-3224", - "STATE" : "PUBLIC", - "TITLE" : "Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Protocol", - "version" : { - "version_data" : [ - { - "affected" : "?", - "version_value" : "N/A" - } - ] - } - } - ] - }, - "vendor_name" : "Open Shortest Path First (OSPF)" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "CWE-354" - } + "CVE_data_meta": { + "ASSIGNER": "cert@cert.org", + "ID": "CVE-2017-3224", + "STATE": "PUBLIC", + "TITLE": "Open Shortest Path First (OSPF) protocol implementations may improperly determine LSA recency in affected Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Protocol", + "version": { + "version_data": [ + { + "affected": "?", + "version_value": "N/A" + } + ] + } + } + ] + }, + "vendor_name": "Open Shortest Path First (OSPF)" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "VU#793496", - "refsource" : "CERT-VN", - "url" : "https://www.kb.cert.org/vuls/id/793496" - } - ] - }, - "source" : { - "discovery" : "UNKNOWN" - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Open Shortest Path First (OSPF) protocol implementations may improperly determine Link State Advertisement (LSA) recency for LSAs with MaxSequenceNumber. According to RFC 2328 section 13.1, for two instances of the same LSA, recency is determined by first comparing sequence numbers, then checksums, and finally MaxAge. In a case where the sequence numbers are the same, the LSA with the larger checksum is considered more recent, and will not be flushed from the Link State Database (LSDB). Since the RFC does not explicitly state that the values of links carried by a LSA must be the same when prematurely aging a self-originating LSA with MaxSequenceNumber, it is possible in vulnerable OSPF implementations for an attacker to craft a LSA with MaxSequenceNumber and invalid links that will result in a larger checksum and thus a 'newer' LSA that will not be flushed from the LSDB. Propagation of the crafted LSA can result in the erasure or alteration of the routing tables of routers within the routing domain, creating a denial of service condition or the re-routing of traffic on the network. CVE-2017-3224 has been reserved for Quagga and downstream implementations (SUSE, openSUSE, and Red Hat packages)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-354" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "VU#793496", + "refsource": "CERT-VN", + "url": "https://www.kb.cert.org/vuls/id/793496" + } + ] + }, + "source": { + "discovery": "UNKNOWN" + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7183.json b/2017/7xxx/CVE-2017-7183.json index 519701dd70e..4662e1cd45f 100644 --- a/2017/7xxx/CVE-2017-7183.json +++ b/2017/7xxx/CVE-2017-7183.json @@ -1,77 +1,77 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7183", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7183", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "20170320 CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service", - "refsource" : "BUGTRAQ", - "url" : "http://www.securityfocus.com/archive/1/540300/100/0/threaded" - }, - { - "name" : "41639", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/41639/" - }, - { - "name" : "http://packetstormsecurity.com/files/141705/ExtraPuTTY-029_rc2-Denial-Of-Service.html", - "refsource" : "MISC", - "url" : "http://packetstormsecurity.com/files/141705/ExtraPuTTY-029_rc2-Denial-Of-Service.html" - }, - { - "name" : "96973", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/96973" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "96973", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/96973" + }, + { + "name": "http://packetstormsecurity.com/files/141705/ExtraPuTTY-029_rc2-Denial-Of-Service.html", + "refsource": "MISC", + "url": "http://packetstormsecurity.com/files/141705/ExtraPuTTY-029_rc2-Denial-Of-Service.html" + }, + { + "name": "41639", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/41639/" + }, + { + "name": "20170320 CVE-2017-7183 ExtraPuTTY v029_RC2 TFTP Denial Of Service", + "refsource": "BUGTRAQ", + "url": "http://www.securityfocus.com/archive/1/540300/100/0/threaded" + } + ] + } +} \ No newline at end of file diff --git a/2017/7xxx/CVE-2017-7957.json b/2017/7xxx/CVE-2017-7957.json index 53fb2dba1a6..e43eb12fc9e 100644 --- a/2017/7xxx/CVE-2017-7957.json +++ b/2017/7xxx/CVE-2017-7957.json @@ -1,102 +1,102 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-7957", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(\"\") call." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-7957", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://x-stream.github.io/CVE-2017-7957.html", - "refsource" : "CONFIRM", - "url" : "http://x-stream.github.io/CVE-2017-7957.html" - }, - { - "name" : "https://www-prd-trops.events.ibm.com/node/715749", - "refsource" : "CONFIRM", - "url" : "https://www-prd-trops.events.ibm.com/node/715749" - }, - { - "name" : "DSA-3841", - "refsource" : "DEBIAN", - "url" : "http://www.debian.org/security/2017/dsa-3841" - }, - { - "name" : "RHSA-2017:2888", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2888" - }, - { - "name" : "RHSA-2017:2889", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:2889" - }, - { - "name" : "RHSA-2017:1832", - "refsource" : "REDHAT", - "url" : "https://access.redhat.com/errata/RHSA-2017:1832" - }, - { - "name" : "100687", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/100687" - }, - { - "name" : "1039499", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1039499" - }, - { - "name" : "xstream-cve20177957-dos(125800)", - "refsource" : "XF", - "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125800" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML(\"\") call." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "RHSA-2017:2888", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2888" + }, + { + "name": "RHSA-2017:1832", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:1832" + }, + { + "name": "RHSA-2017:2889", + "refsource": "REDHAT", + "url": "https://access.redhat.com/errata/RHSA-2017:2889" + }, + { + "name": "1039499", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1039499" + }, + { + "name": "https://www-prd-trops.events.ibm.com/node/715749", + "refsource": "CONFIRM", + "url": "https://www-prd-trops.events.ibm.com/node/715749" + }, + { + "name": "xstream-cve20177957-dos(125800)", + "refsource": "XF", + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125800" + }, + { + "name": "DSA-3841", + "refsource": "DEBIAN", + "url": "http://www.debian.org/security/2017/dsa-3841" + }, + { + "name": "http://x-stream.github.io/CVE-2017-7957.html", + "refsource": "CONFIRM", + "url": "http://x-stream.github.io/CVE-2017-7957.html" + }, + { + "name": "100687", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/100687" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8144.json b/2017/8xxx/CVE-2017-8144.json index 8b16049fd87..1799a29003e 100644 --- a/2017/8xxx/CVE-2017-8144.json +++ b/2017/8xxx/CVE-2017-8144.json @@ -1,63 +1,63 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "psirt@huawei.com", - "DATE_PUBLIC" : "2017-11-15T00:00:00", - "ID" : "CVE-2017-8144", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus", - "version" : { - "version_data" : [ - { - "version_value" : "The versions before CAM-L03C605B143CUSTC605D003,The versions before Prague-L03C605B161,The versions before Prague-L23C605B160,The versions before MHA-AL00C00B225,The versions before LON-AL00C00B225,The versions before VTR-AL00C00B167,The versions before VTR-TL00C01B167,The versions before VKY-AL00C00B167,The versions before VKY-TL00C01B167" - } - ] - } - } - ] - }, - "vendor_name" : "Huawei Technologies Co., Ltd." - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Resource Exhaustion" - } + "CVE_data_meta": { + "ASSIGNER": "psirt@huawei.com", + "DATE_PUBLIC": "2017-11-15T00:00:00", + "ID": "CVE-2017-8144", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus", + "version": { + "version_data": [ + { + "version_value": "The versions before CAM-L03C605B143CUSTC605D003,The versions before Prague-L03C605B161,The versions before Prague-L23C605B160,The versions before MHA-AL00C00B225,The versions before LON-AL00C00B225,The versions before VTR-AL00C00B167,The versions before VTR-TL00C01B167,The versions before VKY-AL00C00B167,The versions before VKY-TL00C01B167" + } + ] + } + } + ] + }, + "vendor_name": "Huawei Technologies Co., Ltd." + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en", - "refsource" : "CONFIRM", - "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones with software the versions before CAM-L03C605B143CUSTC605D003,the versions before Prague-L03C605B161,the versions before Prague-L23C605B160,the versions before MHA-AL00C00B225,the versions before LON-AL00C00B225,the versions before VTR-AL00C00B167,the versions before VTR-TL00C01B167,the versions before VKY-AL00C00B167,the versions before VKY-TL00C01B167 have a resource exhaustion vulnerability due to configure setting. An attacker tricks a user into installing a malicious application, the application may turn on the device flash-light and rapidly drain the device battery." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Resource Exhaustion" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en", + "refsource": "CONFIRM", + "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170725-01-smartphone-en" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8341.json b/2017/8xxx/CVE-2017-8341.json index b63eb559412..be2c5df2c19 100644 --- a/2017/8xxx/CVE-2017-8341.json +++ b/2017/8xxx/CVE-2017-8341.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8341", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8341", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8461.json b/2017/8xxx/CVE-2017-8461.json index ed01f4c5ab8..851a43f50df 100644 --- a/2017/8xxx/CVE-2017-8461.json +++ b/2017/8xxx/CVE-2017-8461.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "secure@microsoft.com", - "ID" : "CVE-2017-8461", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "Microsoft Windows", - "version" : { - "version_data" : [ - { - "version_value" : "Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2" - } - ] - } - } - ] - }, - "vendor_name" : "Microsoft Corporation" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka \"Windows RPC Remote Code Execution Vulnerability.\"" - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "Remote Code Execution" - } + "CVE_data_meta": { + "ASSIGNER": "secure@microsoft.com", + "ID": "CVE-2017-8461", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "Microsoft Windows", + "version": { + "version_data": [ + { + "version_value": "Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2" + } + ] + } + } + ] + }, + "vendor_name": "Microsoft Corporation" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003", - "refsource" : "CONFIRM", - "url" : "https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003" - }, - { - "name" : "99012", - "refsource" : "BID", - "url" : "http://www.securityfocus.com/bid/99012" - }, - { - "name" : "1038701", - "refsource" : "SECTRACK", - "url" : "http://www.securitytracker.com/id/1038701" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka \"Windows RPC Remote Code Execution Vulnerability.\"" + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "Remote Code Execution" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003", + "refsource": "CONFIRM", + "url": "https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003" + }, + { + "name": "99012", + "refsource": "BID", + "url": "http://www.securityfocus.com/bid/99012" + }, + { + "name": "1038701", + "refsource": "SECTRACK", + "url": "http://www.securitytracker.com/id/1038701" + } + ] + } +} \ No newline at end of file diff --git a/2017/8xxx/CVE-2017-8776.json b/2017/8xxx/CVE-2017-8776.json index b6478c1e267..36746e82498 100644 --- a/2017/8xxx/CVE-2017-8776.json +++ b/2017/8xxx/CVE-2017-8776.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2017-8776", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2017-8776", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/", - "refsource" : "MISC", - "url" : "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the product." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/", + "refsource": "MISC", + "url": "http://payatu.com/quick-heal-antivirus-protection-mechanism-failure-vulnerability/" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10076.json b/2018/10xxx/CVE-2018-10076.json index 852fda87008..94024caf42e 100644 --- a/2018/10xxx/CVE-2018-10076.json +++ b/2018/10xxx/CVE-2018-10076.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10076", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard)." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10076", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://www.manageengine.com/products/eventlog/release-notes.html", - "refsource" : "CONFIRM", - "url" : "https://www.manageengine.com/products/eventlog/release-notes.html" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "An issue was discovered in Zoho ManageEngine EventLog Analyzer 11.12. A Cross-Site Scripting vulnerability allows a remote attacker to inject arbitrary web script or HTML via the search functionality (the search box of the Dashboard)." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://www.manageengine.com/products/eventlog/release-notes.html", + "refsource": "CONFIRM", + "url": "https://www.manageengine.com/products/eventlog/release-notes.html" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10448.json b/2018/10xxx/CVE-2018-10448.json index 6e70e5b3a99..710f46af074 100644 --- a/2018/10xxx/CVE-2018-10448.json +++ b/2018/10xxx/CVE-2018-10448.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10448", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10448", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10552.json b/2018/10xxx/CVE-2018-10552.json index bb0239d80d7..9556e2d9750 100644 --- a/2018/10xxx/CVE-2018-10552.json +++ b/2018/10xxx/CVE-2018-10552.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10552", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10552", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10570.json b/2018/10xxx/CVE-2018-10570.json index ab49c3fbda3..adb4d2c4c18 100644 --- a/2018/10xxx/CVE-2018-10570.json +++ b/2018/10xxx/CVE-2018-10570.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10570", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10570", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/philippe/FrogCMS/issues/9", - "refsource" : "MISC", - "url" : "https://github.com/philippe/FrogCMS/issues/9" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/philippe/FrogCMS/issues/9", + "refsource": "MISC", + "url": "https://github.com/philippe/FrogCMS/issues/9" + } + ] + } +} \ No newline at end of file diff --git a/2018/10xxx/CVE-2018-10838.json b/2018/10xxx/CVE-2018-10838.json index a4f7b62882d..216b5f0e14f 100644 --- a/2018/10xxx/CVE-2018-10838.json +++ b/2018/10xxx/CVE-2018-10838.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-10838", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-10838", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13043.json b/2018/13xxx/CVE-2018-13043.json index 3f7fc6a968f..c1eea4cd879 100644 --- a/2018/13xxx/CVE-2018-13043.json +++ b/2018/13xxx/CVE-2018-13043.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13043", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13043", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://bugs.debian.org/902409", - "refsource" : "MISC", - "url" : "https://bugs.debian.org/902409" - }, - { - "name" : "USN-3704-1", - "refsource" : "UBUNTU", - "url" : "https://usn.ubuntu.com/3704-1/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://bugs.debian.org/902409", + "refsource": "MISC", + "url": "https://bugs.debian.org/902409" + }, + { + "name": "USN-3704-1", + "refsource": "UBUNTU", + "url": "https://usn.ubuntu.com/3704-1/" + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13245.json b/2018/13xxx/CVE-2018-13245.json index 3a804800d21..61c5842dbf4 100644 --- a/2018/13xxx/CVE-2018-13245.json +++ b/2018/13xxx/CVE-2018-13245.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13245", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13245", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13260.json b/2018/13xxx/CVE-2018-13260.json index 08c4744b345..ed91db4a08c 100644 --- a/2018/13xxx/CVE-2018-13260.json +++ b/2018/13xxx/CVE-2018-13260.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13260", - "STATE" : "REJECT" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." - } - ] - } -} + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2018-13260", + "ASSIGNER": "cve@mitre.org", + "STATE": "REJECT" + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." + } + ] + } +} \ No newline at end of file diff --git a/2018/13xxx/CVE-2018-13685.json b/2018/13xxx/CVE-2018-13685.json index 93d11d2a8cd..a897fee5c3e 100644 --- a/2018/13xxx/CVE-2018-13685.json +++ b/2018/13xxx/CVE-2018-13685.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-13685", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-13685", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" - }, - { - "name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken", - "refsource" : "MISC", - "url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The mintToken function of a smart contract implementation for Vornox (VRX) (Contract Name: VornoxCoinToken), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/CoinToken" + }, + { + "name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", + "refsource": "MISC", + "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17096.json b/2018/17xxx/CVE-2018-17096.json index fbfc5abe28c..2cb3b91f189 100644 --- a/2018/17xxx/CVE-2018-17096.json +++ b/2018/17xxx/CVE-2018-17096.json @@ -1,67 +1,67 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17096", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17096", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03", - "refsource" : "MISC", - "url" : "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03" - }, - { - "name" : "https://gitlab.com/soundtouch/soundtouch/issues/14", - "refsource" : "MISC", - "url" : "https://gitlab.com/soundtouch/soundtouch/issues/14" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The BPMDetect class in BPMDetect.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "https://gitlab.com/soundtouch/soundtouch/issues/14", + "refsource": "MISC", + "url": "https://gitlab.com/soundtouch/soundtouch/issues/14" + }, + { + "name": "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03", + "refsource": "MISC", + "url": "https://github.com/TeamSeri0us/pocs/tree/master/soundtouch/2018_09_03" + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17549.json b/2018/17xxx/CVE-2018-17549.json index dc1c4df3d92..babf2e8241e 100644 --- a/2018/17xxx/CVE-2018-17549.json +++ b/2018/17xxx/CVE-2018-17549.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17549", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17549", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17735.json b/2018/17xxx/CVE-2018-17735.json index 7d58d09a35d..ddbe578c2d1 100644 --- a/2018/17xxx/CVE-2018-17735.json +++ b/2018/17xxx/CVE-2018-17735.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17735", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17735", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/17xxx/CVE-2018-17879.json b/2018/17xxx/CVE-2018-17879.json index cda3ecb2637..7708f6f4225 100644 --- a/2018/17xxx/CVE-2018-17879.json +++ b/2018/17xxx/CVE-2018-17879.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-17879", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-17879", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/20xxx/CVE-2018-20791.json b/2018/20xxx/CVE-2018-20791.json index b648d96ede1..c78536f7838 100644 --- a/2018/20xxx/CVE-2018-20791.json +++ b/2018/20xxx/CVE-2018-20791.json @@ -1,62 +1,62 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-20791", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-20791", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "45987", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/45987" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "45987", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/45987" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9680.json b/2018/9xxx/CVE-2018-9680.json index ee3309a6350..e6a55128f29 100644 --- a/2018/9xxx/CVE-2018-9680.json +++ b/2018/9xxx/CVE-2018-9680.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9680", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9680", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9769.json b/2018/9xxx/CVE-2018-9769.json index 9f682a6587c..37df48fbadc 100644 --- a/2018/9xxx/CVE-2018-9769.json +++ b/2018/9xxx/CVE-2018-9769.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9769", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9769", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9844.json b/2018/9xxx/CVE-2018-9844.json index aadf7683fd6..996c878654c 100644 --- a/2018/9xxx/CVE-2018-9844.json +++ b/2018/9xxx/CVE-2018-9844.json @@ -1,72 +1,72 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9844", - "STATE" : "PUBLIC" - }, - "affects" : { - "vendor" : { - "vendor_data" : [ - { - "product" : { - "product_data" : [ - { - "product_name" : "n/a", - "version" : { - "version_data" : [ - { - "version_value" : "n/a" - } - ] - } - } - ] - }, - "vendor_name" : "n/a" - } - ] - } - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS." - } - ] - }, - "problemtype" : { - "problemtype_data" : [ - { - "description" : [ - { - "lang" : "eng", - "value" : "n/a" - } + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9844", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "product": { + "product_data": [ + { + "product_name": "n/a", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + }, + "vendor_name": "n/a" + } ] - } - ] - }, - "references" : { - "reference_data" : [ - { - "name" : "44444", - "refsource" : "EXPLOIT-DB", - "url" : "https://www.exploit-db.com/exploits/44444/" - }, - { - "name" : "https://wordpress.org/plugins/wp-file-upload/#developers", - "refsource" : "CONFIRM", - "url" : "https://wordpress.org/plugins/wp-file-upload/#developers" - }, - { - "name" : "https://www.iptanus.com/new-version-4-3-4-of-wordpress-file-upload-plugin/", - "refsource" : "CONFIRM", - "url" : "https://www.iptanus.com/new-version-4-3-4-of-wordpress-file-upload-plugin/" - } - ] - } -} + } + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS." + } + ] + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "n/a" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "name": "44444", + "refsource": "EXPLOIT-DB", + "url": "https://www.exploit-db.com/exploits/44444/" + }, + { + "name": "https://www.iptanus.com/new-version-4-3-4-of-wordpress-file-upload-plugin/", + "refsource": "CONFIRM", + "url": "https://www.iptanus.com/new-version-4-3-4-of-wordpress-file-upload-plugin/" + }, + { + "name": "https://wordpress.org/plugins/wp-file-upload/#developers", + "refsource": "CONFIRM", + "url": "https://wordpress.org/plugins/wp-file-upload/#developers" + } + ] + } +} \ No newline at end of file diff --git a/2018/9xxx/CVE-2018-9894.json b/2018/9xxx/CVE-2018-9894.json index 59dcda29139..b80eb9a5c2a 100644 --- a/2018/9xxx/CVE-2018-9894.json +++ b/2018/9xxx/CVE-2018-9894.json @@ -1,18 +1,18 @@ { - "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", - "ID" : "CVE-2018-9894", - "STATE" : "RESERVED" - }, - "data_format" : "MITRE", - "data_type" : "CVE", - "data_version" : "4.0", - "description" : { - "description_data" : [ - { - "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} + "CVE_data_meta": { + "ASSIGNER": "cve@mitre.org", + "ID": "CVE-2018-9894", + "STATE": "RESERVED" + }, + "data_format": "MITRE", + "data_type": "CVE", + "data_version": "4.0", + "description": { + "description_data": [ + { + "lang": "eng", + "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + } + ] + } +} \ No newline at end of file